Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ios/cisco packet sniffer...
From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Sat, 25 Nov 2000 10:09:47 +0100

On Fri, 24 Nov 2000, Joe Hacker wrote:

I couldn't see this in the thread, only a bunch of links to various pages,
and since I
am off-line at the moment (and probably WAAAY behind reading this...), I
leave it
to the moderator to approve the post.

One good way to do a packet dump on a Cisco is:

      router(config)#access-list 199 permit ip <source> <mask> <destination> <mask>
      router(config)#access-list 199 permit ip <destination> <mask> <source> <mask>
      router(config)#end
      router# debug ip packet 199 dump

E.g.

      access-list 199 permit ip host 192.168.0.1 any
      access-list 199 permit ip any host 192.168.0.1

Will dump packets destined to and from 192.168.0.1.

I included the list, since debugging at packet level can cause the router
to reload if there is a lot
of traffic.

Don't use it too liberal. Your router is now left for DoS attack. Unless
you have a high CPU vs bandwidhth ratio a simple portscan will render your
router useless. (Customer thought he was smart. However I shot his router
straight out of the sky the moment I started a noisy test.)

Hugo.


--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmfull content.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]