sniffing packets on a site-to-site VPN
woody1144
Member Posts: 10 ■□□□□□□□□□
Hi,
I have set up a home lab site-to-site VPN using IPSec tunneling between the gateways.
The set-up is like this:
Node1(f0)<--->(f0)Router1(s0)<--->(s0)Router2(f0)<--->(f0)Node2
What I would like to do is sniff the encrypted packets from the VPN to show as an example in a presentation. I have been sniffing packets from node1 and node2 but obviously I get un-encrypted packets as they have been decrypted by the routers.
I was wondering if anyone knew of a way to sniff the packets that are encrypted between the two routers? I have dug out an old 2514 which has 2 serial ports and 2 AUIs. Do you think it would be possible to stick the 2514 between the VPN gateways and simply forward the encrypted packets back and forth and then hopefully sniff some of them using an ethernet transceiver on the AUI?
Thanks a lot,
Richard
Comments
-
liven Member Posts: 918
Don't know about the 2514,
but if you have a cheap hub you can plug it in between the two routers and sniff all day long.
Or you can put a network tap between the two routers
or a box with two network cards
or a switch and span one of the ports.
Personally I would go for the hub solution, it is easy and cheap and it works!!!
encrypt the encryption, never mind my brain hurts.
-
liven Member Posts: 918
Of course the data flowing through the VPN will be encrypted.
But you should be able to see all the communications between the two routers.
encrypt the encryption, never mind my brain hurts.
-
woody1144 Member Posts: 10
Sounds good to me, are there hubs or NICs around that have serial ports? Had a quick search and couldn't find any. Shame I'm running the VPN over serial and not ethernet, so many options with ethernet!
Thanks a lot for the reply,
Richard
-
mikej412 Member Posts: 10,086
Check out the sniffing packets on a serial link thread over in the CCNP Forum.
Cisco Certifications -- Collect the Entire Set!
-
datchcha Member Posts: 265
Wouldn't NAT\PAT cause issues with a hub in between the routers? I have always used a hub between router and last switch on the inside interface.
Arrakis
-
mikej412 Member Posts: 10,086
datchcha wrote:
Wouldn't NAT\PAT cause issue with a hub in between the routers? I have always used a hub between router and last switch on the inside interface.
The only issues you may have are a speed/duplex issue if you "sneak" a hub between two higher speed devices. And maybe some QoS/traffic issues if the traffic exceeds the speed of the hub.
Cisco Certifications -- Collect the Entire Set!
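
What a capture taken between the two gateways can and cannot show, as an added example that is not part of the original thread: the outer addresses, the ESP SPI and sequence number stay readable while everything after them is opaque. It assumes the captured packets are already stripped of the serial link framing; the function names and all sample bytes are constructed.

```python
import struct

def build_ipv4(proto, body, src=(10, 0, 0, 1), dst=(10, 0, 0, 2)):
    """Build a constructed IPv4 packet (checksum left at 0, never verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                         255, proto, 0, bytes(src), bytes(dst))
    return header + body

# Constructed sample: ESP header (SPI, sequence number) followed by 32 bytes
# standing in for the IV, ciphertext and integrity check value.
SAMPLE_ESP = build_ipv4(50, struct.pack("!II", 0x1A2B3C4D, 7) + bytes(range(32)))
# Constructed sample: bare UDP header for an IKE exchange on port 500.
SAMPLE_IKE = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))

def describe(packet):
    """Return only the fields readable without the IPsec keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "proto": packet[9], "kind": "other"}
    body = packet[ihl:]
    if packet[9] == 50 and len(body) >= 8:        # ESP: SPI and sequence in clear
        spi, seq = struct.unpack("!II", body[:8])
        info.update(kind="ESP", spi=spi, seq=seq, opaque_bytes=len(body) - 8)
    elif packet[9] == 51 and len(body) >= 12:     # AH: SPI and sequence at offset 4
        spi, seq = struct.unpack("!II", body[4:12])
        info.update(kind="AH", spi=spi, seq=seq)
    elif packet[9] == 17 and len(body) >= 8:      # UDP: IKE on 500, NAT-T on 4500
        sport, dport = struct.unpack("!HH", body[:4])
        if 500 in (sport, dport):
            info["kind"] = "IKE"
        elif 4500 in (sport, dport):
            info["kind"] = "IKE/ESP over NAT-T"
    return info

if __name__ == "__main__":
    for pkt in (SAMPLE_ESP, SAMPLE_IKE):
        print(describe(pkt))
```

Inner addresses, ports and application data from Node1 and Node2 never appear in the output for ESP packets; they sit inside the opaque bytes.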