sniffing packets on a site-to-site VPN

Hi,

I have set up a home lab site-to-site VPN using IPSec tunneling between the gateways.
the set-up is like this:
Node1(f0)<--->(f0)Router1(s0)<--->(s0)Router2(f0)<--->(f0)Node2
What i would like to do is sniff the encrypted packets from the VPN to show as an example in a presentation. I have been sniffing packets from node1 and node2 but obviously i get un-encrypted packets as they have been decrypted by the routers.

I was wondering if anyone new of a way to sniff the packets that are encrypted between the two routers? I have dug out an old 2514 which has 2 serial ports and 2 AUI's. Do you think it would be possible to stick the 2514 between the vpn gateways and simply forward the encrypted packets back and forth and then hopefully sniff some of them using an ethernet transciever on the AUI?

Thanks a lot,

Richard

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

liven

don't know about the 2514,

but if you have a cheap hub you can plug it in between the two routers and sniff all day long.

Or you can put a network tap between the two routers

or a box with two network cards

or a switch and span one of the ports.

Personally I would go for the hub solution, it is easy and cheap and it works!!!

liven

Or course the data flowing through the vpn will be encrypted.

But you should be able to see all the communications between the two routers.

woody1144

Sounds good to me, are there hubs or NIC's around that have serial ports? had a quick search and couldnt find any. Shame i'm running the VPN over serial and not ethernet, so many options with ethernet!

Thanks a lot for the reply,

Richard

mikej412

Check out the sniffing packets on a serial link thread over in the CCNP Forum.

datchcha

Wouldn't NAT\PAT cause issue with a hub in between the routers? I have always used a hub between router and last switch on the inside interface.

mikej412

datchcha wrote:

Wouldn't NAT\PAT cause issue with a hub in between the routers? I have always used a hub between router and last switch on the inside interface.

A hub is layer 1 -- so it has no effect on the higher layers you're sniffing. A packet always comes in one port of the hub and always goes out all the other ports in a hub.

The only issues you may have is a speed/duplex issue if you "sneak" a hub between two highter speed devices. And maybe some QoS/traffic issues if the traffic exceeds the speed of the hub.