sniffing packets on a site-to-site VPN

woody1144 Member Posts: 10
Hi,

I have set up a home lab site-to-site VPN using IPSec tunneling between the gateways.
The set-up is like this:
Node1(f0)<--->(f0)Router1(s0)<--->(s0)Router2(f0)<--->(f0)Node2
What I would like to do is sniff the encrypted packets from the VPN to show as an example in a presentation. I have been sniffing packets from node1 and node2 but obviously I get unencrypted packets as they have been decrypted by the routers.

I was wondering if anyone knew of a way to sniff the packets that are encrypted between the two routers? I have dug out an old 2514 which has 2 serial ports and 2 AUIs. Do you think it would be possible to stick the 2514 between the VPN gateways and simply forward the encrypted packets back and forth and then hopefully sniff some of them using an ethernet transceiver on the AUI?

Thanks a lot,

Richard
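For the presentation itself, it helps to show what a capture taken between the two gateways actually exposes. The following is an added example, not code from the thread: it assumes the tunnel uses IPsec ESP (IP protocol 50, the usual case) and that the serial link-layer (HDLC/PPP) header has already been stripped so each record is a raw IPv4 packet. Only the SPI and sequence number are readable; everything after them is ciphertext and integrity tag. The sample packets are constructed inline.

```python
import struct
from ipaddress import IPv4Address

ESP_PROTO = 50  # IP protocol number for IPsec ESP (RFC 4303)


def parse_ipv4_esp(packet: bytes):
    """Return the cleartext fields a sniffer sees in an ESP packet, or None if not ESP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags, _ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if proto != ESP_PROTO:
        return None  # e.g. IKE (UDP/500) or plain traffic; not the tunnel payload
    esp = packet[ihl:total_len]
    if len(esp) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", esp[:8])  # the only readable ESP fields
    return {
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "spi": spi,
        "seq": seq,
        "opaque_bytes": len(esp) - 8,  # ciphertext + padding + ICV; contents unknowable
    }


def _ipv4(proto: int, payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Build a constructed IPv4 packet (checksum left as zero; fine for parsing)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


# Constructed samples: one ESP packet (SPI 0xC0FFEE01, seq 7, 32 opaque bytes)
# and one plain ICMP echo, standing in for what the two captures would contain.
SAMPLE_ESP = _ipv4(ESP_PROTO, struct.pack("!II", 0xC0FFEE01, 7) + bytes(range(32)))
SAMPLE_PLAIN = _ipv4(1, b"\x08\x00" + b"\x00" * 6)

if __name__ == "__main__":
    for pkt in (SAMPLE_ESP, SAMPLE_PLAIN):
        print(parse_ipv4_esp(pkt))
```

Running it over a real capture (one call per packet) gives the per-SA SPI and sequence numbers to put on a slide next to the cleartext captured at node1, without any of the inner traffic being recoverable.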

Comments

  • liven Member Posts: 918
    don't know about the 2514,

    but if you have a cheap hub you can plug it in between the two routers and sniff all day long.

    Or you can put a network tap between the two routers

    or a box with two network cards

    or a switch and span one of the ports.


    Personally I would go for the hub solution, it is easy and cheap and it works!!!
    encrypt the encryption, never mind my brain hurts.
  • liven Member Posts: 918
    Of course the data flowing through the VPN will be encrypted.

    But you should be able to see all the communications between the two routers.
    encrypt the encryption, never mind my brain hurts.
  • woody1144 Member Posts: 10
    Sounds good to me, are there hubs or NICs around that have serial ports? Had a quick search and couldn't find any. Shame I'm running the VPN over serial and not ethernet, so many options with ethernet!

    Thanks a lot for the reply,

    Richard
  • mikej412 Member Posts: 10,086
    Check out the sniffing packets on a serial link thread over in the CCNP Forum.
    Cisco Certifications -- Collect the Entire Set!
  • datchcha Member Posts: 265
    Wouldn't NAT/PAT cause issues with a hub in between the routers? I have always used a hub between the router and the last switch on the inside interface.
    Arrakis
  • mikej412 Member Posts: 10,086
    datchcha wrote:
    Wouldn't NAT/PAT cause issues with a hub in between the routers? I have always used a hub between the router and the last switch on the inside interface.
    A hub is layer 1 -- so it has no effect on the higher layers you're sniffing. A packet always comes in one port of the hub and always goes out all the other ports in a hub.

    The only issue you may have is a speed/duplex issue if you "sneak" a hub between two higher speed devices. And maybe some QoS/traffic issues if the traffic exceeds the speed of the hub. :D
    Cisco Certifications -- Collect the Entire Set!