Wireshark mailing list archives

Sniffing the WAN side of a VPN


From: Jeff Bruns <jeff.bruns () gmail com>
Date: Fri, 30 Apr 2010 13:08:24 -0400

We are part of a mid-sized VPN, one of several dozen physical locations
scattered across the Washington, DC metropolitan area. Each site is part of
a VPN provided by Comcast and has an address schema of 172.20.x.x/28. The
incoming internet connection is from a coax cable to a Comcast cable modem.
From the modem, an Ethernet cable connects to a Cisco 2800 series router.
Network devices are then connected to the various ports on the Cisco box.

My question is related to the visible traffic between the Comcast modem and
the router. Specifically, I'm wondering, since we're part of a VPN, if
sniffing the connection between the modem and the router would allow us to
see traffic which may be destined to other sites within our VPN.

For example, let's say the gateway address on our local network is
172.20.28.129. The next site's gateway address would be 172.20.29.129, the
next 172.20.30.129 and so on. If I sniff between the modem and the router,
would I be able to see traffic heading to the other various private gateways
within my VPN?

My knowledge of VPN networking is relatively slim, so the answer may hold no
relevance to Wireshark. I understand that a VPN is provided by your ISP, so
I suppose it may vary depending on ISP. I wonder just how isolated a VPN is
amongst the rest of the internet. Does only traffic belonging to, or
originating from the VPN get routed to the cable modem, and from there,
filtered by the router according to destination address? Or could traffic be
routed at a higher level somewhere within the ISP, routing only traffic
destined for my local network (172.20.28.129/28) to the modem and thus the
router?

Thanks for the help.