Penetration Testing mailing list archives

Re: [PEN-TEST] Protocol Sniffer on PPP interface

From: James Mancini <jmancini () NETREO NET>
Date: Tue, 10 Oct 2000 13:05:02 -0700

Yes, that sounds like a Network Associates WAN card. If you were to stick
that card in a PC and load the Sniffer Pro/WAN analysis software on it, it
should recognize the card and allow you to do packet captures. You'll need
the appropriate "Y" cable - these are Male to Female cables with a little
"tail" that plugs into one of the WAN card ports (which one depends on
interface type - V.35, RS232, etc.). You can buy the cables from any NAI
reseller (or direct, I think).

Cheers!

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Dunker, Noah
Sent: Tuesday, October 10, 2000 12:06 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Protocol Sniffer on PPP interface


Just a quick question... I bought a Network General Distributed
Sniffer Server from an auction... It had all sorts of network
ports on it... 2 NICs with 100BaseTX and Coax, and a bizarre card
(that had it's own intel i960 proc on-board) with 2 d-sub
connectors... 25 Pin Female and 15 pin Female)... Might this be
a mysterious WAN card for sniffing PPP with the Distributed
Sniffer Server?



-----Original Message-----
From: James Mancini [mailto:jmancini () NETREO NET]
Sent: Tuesday, October 10, 2000 10:55 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Protocol Sniffer on PPP interface


Sniffing PPP requires that you have a WAN interface into the laptop. Network
Associates' solution is the WANBook, a "pod" that attaches via Ethernet to
the laptop and provides the required serial interfaces. You'd also need the
appropriate "Y" cable. Sniffer Pro does have the decodes for it, it just
can't see it except across the serial interface.

I didn't think Sniffer Pro ran on W2K though?

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Curphey, Mark (ISS Atlanta)
Sent: Monday, October 09, 2000 1:05 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Protocol Sniffer on PPP interface


Sat on the end of a dismal 56k dial-up I fired up some sniffers to look at
how a web based app works.

On my win2k laptop I usually carry "analyzer" (which is awesome), "tcp
dump", "sniffer pro" and "ethereal" (I have left my Linux laptop at home).

None of these seem to allow me to look at the traffic across the PPP
interface.

Any ideas ?

Current thread:

Re: [PEN-TEST] Protocol Sniffer on PPP interface, (continued)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Ryan Permeh (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Marnix Petrarca (Oct 12)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface James Mancini (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Greg (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Vitaly McLain (Oct 11)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Ryan Permeh (Oct 11)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Aaron Higbee (Oct 20)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Guidry, Toby (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Frank Knobbe (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Dunker, Noah (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface James Mancini (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Wolfgang Zenker (Oct 10)
    - Re: [PEN-TEST] Protocol Sniffer on PPP interface Dragos Ruiu (Oct 11)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Brian Brotschi (Oct 10)