Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
4
Helpful
4
Replies

Securing Networks

kunal-united
Level 1
Level 1

‎10-14-2005 08:14 AM - edited ‎03-09-2019 12:43 PM

PC1 connects to router1 and router1 connects to router2 and router2 connects to PC2.

Where should I place a sniffer to find what the PC's are communicating?

If I place it between the routers.Which port on the router should I use ... will any port do .. if router1 port is 2 and connects to router2 on port 2.

How do I come to know which port on PC2 are open?

Thru Nessus. And if I find it out then how can I attack that port on PC2.

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎10-14-2005 08:52 AM

Kunal

For the Sniffer to be able to capture packets it needs to be connected to a port that can see the packets without interferring with processing of the packets. If you have exactly what you have described, 2 PCs and 2 routers, then I do not see how you can use the Sniffer. If PCs are connected through a hub you can put the Sniffer on a port of the hub and capture the traffic. Or if the connection of PC to router or router to router is made through a switch you may be able to set up a SPAN port or a Monitor port and connect the Sniffer there to capture the traffic. But there is not a way to connect a Sniffer to a router port and see traffic from PC to router.

HTH

Rick

HTH

Rick

kunal-united
Level 1
Level 1
In response to Richard Burts

‎10-14-2005 09:30 AM

That means a sniffer should be on the same collision domain if I use a hub.

So if I connect a sniffer to a router port I can capture packets from router to router? Is it right.

Basically it should be placed on either PC1 or PC2.

So you can see what is coming into PC1 and what is going out of PC1 but what if I had about 50 switches or 50 routers. I just need a sniffer and connect to any port on the router or switch to inspect any type of traffic

How deploying a switched infrastructure eliminates Packet sniffing?.

Please advice

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to kunal-united

‎10-14-2005 11:23 AM

Kunal

Yes if you connect the Sniffer through a hub it will be in the same collision domain as the PC and the router.

How would you connect the Sniffer to the router port? If you use an Ethernet cable and connect the network card of the Sniffer directly to the router port, then there is not anything else connected on that router port and the router will not forward any traffic out that port, and the Sniffer will not see any traffic.

I think that you may not have fully understood my point before. Connecting Sniffer to a router port probably does not work well. Connecting Sniffer to a siwtch port can work well. The advantage of the switch is that you connect the Sniffer to a certain switch port. Then you make that switch port into a SPAN port or a Monitor port (depending on which type of switch) and the switch will make a copy of frames and send the copy to the monitor port and the Sniffer will capture that traffic.

HTH

Rick

HTH

Rick
0 Helpful

Patrick Iseli
Level 7
Level 7
In response to Richard Burts

‎10-14-2005 01:14 PM

As Rick tryed allready to exaplain you. You need just a SPAN or monitorring port on the Switch to sniff the traffic or you just put a HUB between the two routers in place.

Configuring a SPAN port see:

http://www.cisco.com/en/US/tech/tk389/tk816/tech_configuration_guides_list.html

If you want to use nessus then you need a HUB or a Switch port that is able to communicate with port Router and a valid ip address.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents