
Penetration Testing mailing list archives

Re: [PEN-TEST] ios/cisco packet sniffer...
From: Joe Shaw <jshaw () INSYNC NET>
Date: Sat, 25 Nov 2000 10:28:55 -0600

On Sat, 25 Nov 2000, van der Kooij, Hugo wrote:

One good way to do a packet dump on a Cisco is:

    router(config)#access-list 199 permit ip <source> <mask> <destination> <mask>
    router(config)#access-list 199 permit ip <destination> <mask> <source> <mask>
    router#debug ip packet 199 dump

Will dump packets destined to and from

Don't use it too liberally. Your router is now left open to DoS attack. Unless
you have a high CPU vs bandwidth ratio a simple portscan will render your
router useless. (Customer thought he was smart. However I shot his router
straight out of the sky the moment I started a noisy test.)

Actually, using debugging alone can bring a Cisco to its knees if you are
not careful.  The best way to try to hinder someone dropping your router
at this or any point, like in a small packet flood which will generally
send the CPU through the roof, is to institute process scheduling.  I
believe it only works on 7200 and up platforms running IOS 11.2 and later,
but it is useful.  The best part about it is that it's very tweakable.

Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named.
I have public opinions, and they have public relations.
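A worked version of the capture procedure and the CPU safeguard discussed in this thread, added here as an example and not taken from either poster's message. Addresses are constructed (RFC 5737 documentation space), and it assumes `scheduler allocate` (7200/7500-class syntax) is the "process scheduling" knob the reply refers to.

```cisco
! Constructed example, not from the thread: scope the dump to one host pair.
! Extended-ACL masks are wildcard masks (0.0.0.0 = exact host); the "host"
! keyword is shorthand for that. A loose mask here turns the debug into a
! capture of everything process-switched, which is what invites the DoS.
router(config)#access-list 199 permit ip host 192.0.2.10 host 198.51.100.7
router(config)#access-list 199 permit ip host 198.51.100.7 host 192.0.2.10
!
! Assumed to be the process-scheduling control the reply mentions: cap
! interrupt-level (fast switching) work at 4000 us per network interrupt and
! guarantee 1000 us of process-level time, so a packet flood cannot starve
! the CLI and leave the box unreachable while debug is running.
router(config)#scheduler allocate 4000 1000
router(config)#end
!
! Only process-switched packets reach "debug ip packet"; traffic that is
! fast/CEF-switched on the ingress interface will not appear in the dump.
router#debug ip packet 199 dump
!
! Turn it off as soon as the capture is done; the debug itself, not the
! access list, is what loads the CPU.
router#undebug all
```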
