Re: [PEN-TEST] Protocol Sniffer on PPP interface

["Dunker, Noah" <NDunker () FISHNETSECURITY COM>]

Just a quick question... I bought a Network General Distributed
Sniffer Server from an auction... It had all sorts of network
ports on it... 2 NICs with 100BaseTX and Coax, and a bizarre card
(that had it's own intel i960 proc on-board) with 2 d-sub
connectors... 25 Pin Female and 15 pin Female)... Might this be
a mysterious WAN card for sniffing PPP with the Distributed
Sniffer Server?



-----Original Message-----
From: James Mancini [mailto:jmancini () NETREO NET]
Sent: Tuesday, October 10, 2000 10:55 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Protocol Sniffer on PPP interface


Sniffing PPP requires that you have a WAN interface into the laptop. Network
Associates' solution is the WANBook, a "pod" that attaches via Ethernet to
the laptop and provides the required serial interfaces. You'd also need the
appropriate "Y" cable. Sniffer Pro does have the decodes for it, it just
can't see it except across the serial interface.

I didn't think Sniffer Pro ran on W2K though?

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Curphey, Mark (ISS Atlanta)
Sent: Monday, October 09, 2000 1:05 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Protocol Sniffer on PPP interface


Sat on the end of a dismal 56k dial-up I fired up some sniffers to look at
how a web based app works.

On my win2k laptop I usually carry "analyzer" (which is awesome), "tcp
dump", "sniffer pro" and "ethereal" (I have left my Linux laptop at home).

None of these seem to allow me to look at the traffic across the PPP
interface.

Any ideas ?