Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Securing Networks

PC1 connects to router1 and router1 connects to router2 and router2 connects to PC2.

Where should I place a sniffer to find what the PC's are communicating?

If I place it between the routers.Which port on the router should I use ... will any port do .. if router1 port is 2 and connects to router2 on port 2.

How do I come to know which port on PC2 are open?

Thru Nessus. And if I find it out then how can I attack that port on PC2.

4 REPLIES
Hall of Fame Super Gold

Re: Securing Networks

Kunal

For the Sniffer to be able to capture packets it needs to be connected to a port that can see the packets without interferring with processing of the packets. If you have exactly what you have described, 2 PCs and 2 routers, then I do not see how you can use the Sniffer. If PCs are connected through a hub you can put the Sniffer on a port of the hub and capture the traffic. Or if the connection of PC to router or router to router is made through a switch you may be able to set up a SPAN port or a Monitor port and connect the Sniffer there to capture the traffic. But there is not a way to connect a Sniffer to a router port and see traffic from PC to router.

HTH

Rick

New Member

Re: Securing Networks

That means a sniffer should be on the same collision domain if I use a hub.

So if I connect a sniffer to a router port I can capture packets from router to router? Is it right.

Basically it should be placed on either PC1 or PC2.

So you can see what is coming into PC1 and what is going out of PC1 but what if I had about 50 switches or 50 routers. I just need a sniffer and connect to any port on the router or switch to inspect any type of traffic

How deploying a switched infrastructure eliminates Packet sniffing?.

Please advice

Hall of Fame Super Gold

Re: Securing Networks

Kunal

Yes if you connect the Sniffer through a hub it will be in the same collision domain as the PC and the router.

How would you connect the Sniffer to the router port? If you use an Ethernet cable and connect the network card of the Sniffer directly to the router port, then there is not anything else connected on that router port and the router will not forward any traffic out that port, and the Sniffer will not see any traffic.

I think that you may not have fully understood my point before. Connecting Sniffer to a router port probably does not work well. Connecting Sniffer to a siwtch port can work well. The advantage of the switch is that you connect the Sniffer to a certain switch port. Then you make that switch port into a SPAN port or a Monitor port (depending on which type of switch) and the switch will make a copy of frames and send the copy to the monitor port and the Sniffer will capture that traffic.

HTH

Rick

Re: Securing Networks

As Rick tryed allready to exaplain you. You need just a SPAN or monitorring port on the Switch to sniff the traffic or you just put a HUB between the two routers in place.

Configuring a SPAN port see:

http://www.cisco.com/en/US/tech/tk389/tk816/tech_configuration_guides_list.html

If you want to use nessus then you need a HUB or a Switch port that is able to communicate with port Router and a valid ip address.

sincerely

Patrick

105
Views
4
Helpful
4
Replies
CreatePlease to create content