giany
Hello,

Did anyone manage to sniff through a Cisco router using a GRE tunnel?
myth
Ettercap, at least the Linux version, has a plugin for that. I haven't tried it yet, haven't found the environment for it... Also, for the password sniffing, I prefer to use a tool like dsniff that I can control easier, and if it goes to shite, doesn't kill the LAN till the next ARP request reply tournament.

QUOTE
Remote traffic sniffing through tunnels and route mangling: You can play with linux cooked interfaces or use the integrated plugin to sniff tunneled or route-mangled remote connections and perform mitm attacks on them.


CODE
[0]       gre_relay  1.0  Tunnel broker for redirected GRE tunnels


QUOTE
gre_relay

This plugin can be used to sniff GRE-redirected remote traffic. The basic idea is to create a GRE tunnel that sends all the traffic on a router interface to the ettercap machine. The plugin will send back the GRE packets to the router, after ettercap "manipulation" (you can use "active" plugins such as smb_down, ssh decryption, filters, etc... on redirected traffic) It needs a "fake" host where the traffic has to be redirected to (to avoid kernel's responses). The "fake" IP will be the tunnel endpoint. Gre_relay plugin will impersonate the "fake" host. To find an unused IP address for the "fake" host you can use find_ip plugin. Based on the original Tunnelx technique by Anthony C. Zboralski published in http://www.phrack.org/show.php?p=56&a=10 by HERT.


http://www.phrack.org/show.php?p=56&a=10 <- Check that link, quite a good how-to, was of interest to me...
easternerd
One more plus point is that it can skim through all those SSH packets too.
giany
QUOTE
http://www.phrack.org/show.php?p=56&a=10 <- Check that link, quite a good how-to, was of interest to me...


I've been testing this... and others... but when you launch the sniff on the Linux end, after a few seconds you can't sniff no more. The Linux server gets DDoSed. I couldn't use that tunnelx program; you need a very stable server and bandwidth as well. The problem with this kind of attack is to redirect only a specific kind of traffic, not all, and when it gets to the Linux/FreeBSD/NetBSD server, to redirect it back to the Cisco or to another server, which is a little bit difficult to do. Neither source routing nor iptables tricks worked for me. I'll take a look at the gre_relay program.

Thx for the tips..
skydance
I didn't try it but I've read about that in some hacking book... basically you make a GRE tunnel between the Cisco you want to sniff and another Cisco at your place wired up with a hub and a machine with Ethereal...
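
Seen from the router owner's side, the redirection discussed in this thread shows up as a GRE tunnel interface whose endpoint nobody approved. The Python below is an added example, not part of any post in the thread: it audits an IOS-style running-config for GRE tunnels with unapproved destinations. The sample config, the peer addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source Serial0/0
 tunnel destination 198.51.100.10
!
interface Tunnel7
 tunnel destination 203.0.113.45
 tunnel mode gre ip
!
interface Tunnel9
 tunnel destination 203.0.113.99
 tunnel mode ipip
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

def parse_tunnels(config):
    """Return {name: {"destination", "mode"}} for every Tunnel interface block."""
    tunnels, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the open block
            m = re.match(r"interface (Tunnel\d+)\s*$", line)
            current = m.group(1) if m else None
            if current:
                # IOS tunnel interfaces default to GRE when no "tunnel mode" is set
                tunnels[current] = {"destination": None, "mode": "gre ip"}
        elif current:
            m = re.match(r"\s+tunnel (destination|mode) (.+?)\s*$", line)
            if m:
                tunnels[current][m.group(1)] = m.group(2)
    return tunnels

def unapproved_gre_tunnels(config, approved_peers):
    """List (interface, destination) for GRE tunnels whose peer is not approved."""
    approved = set(approved_peers)
    findings = []
    for name, t in sorted(parse_tunnels(config).items()):
        is_gre = t["mode"].startswith("gre") and t["destination"] is not None
        if is_gre and t["destination"] not in approved:
            findings.append((name, t["destination"]))
    return findings

if __name__ == "__main__":
    for name, dest in unapproved_gre_tunnels(SAMPLE_CONFIG, ["198.51.100.10"]):
        print(f"unexpected GRE tunnel {name} -> {dest}")
```

Running the audit against periodic config backups and diffing the findings gives an alert when a tunnel appears that change control never recorded.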