Penetration Testing mailing list archives

Re: [PEN-TEST] Protocol Sniffer on PPP interface

From: Brian Brotschi <brian.brotschi () networkice com>
Date: Tue, 10 Oct 2000 19:17:08 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are sort of correct.  The card with the two D-series connectors
and the i960 is referred to as the WAN card.  This differs from the
WANbook hardware that James referred to below.
The dual topology (Ethernet/WAN) Sniffer Server that you have should
also support PPP, when the ASYN frameing format is selected.  To use
this interface you will need a RS232c Y-cable, to be able to tap into
the serial interface to a modem.
brianb

- -----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () securityfocus com]On
Behalf
Of Dunker, Noah
Sent: Tuesday, October 10, 2000 12:06 PM
To: PEN-TEST () securityfocus com
Subject: Re: [PEN-TEST] Protocol Sniffer on PPP interface


Just a quick question... I bought a Network General Distributed
Sniffer Server from an auction... It had all sorts of network
ports on it... 2 NICs with 100BaseTX and Coax, and a bizarre card
(that had it's own intel i960 proc on-board) with 2 d-sub
connectors... 25 Pin Female and 15 pin Female)... Might this be
a mysterious WAN card for sniffing PPP with the Distributed
Sniffer Server?



- -----Original Message-----
From: James Mancini [mailto:jmancini () NETREO NET]
Sent: Tuesday, October 10, 2000 10:55 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Protocol Sniffer on PPP interface


Sniffing PPP requires that you have a WAN interface into the laptop.
Network
Associates' solution is the WANBook, a "pod" that attaches via
Ethernet to
the laptop and provides the required serial interfaces. You'd also
need the
appropriate "Y" cable. Sniffer Pro does have the decodes for it, it
just
can't see it except across the serial interface.

I didn't think Sniffer Pro ran on W2K though?

- -----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On
Behalf
Of Curphey, Mark (ISS Atlanta)
Sent: Monday, October 09, 2000 1:05 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Protocol Sniffer on PPP interface


Sat on the end of a dismal 56k dial-up I fired up some sniffers to
look at
how a web based app works.

On my win2k laptop I usually carry "analyzer" (which is awesome),
"tcp
dump", "sniffer pro" and "ethereal" (I have left my Linux laptop at
home).

None of these seem to allow me to look at the traffic across the PPP
interface.

Any ideas ?

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3

iQA/AwUBOePKUsYzWutOpo/iEQJ3XQCePLYJBVT/JE4HGhg0vqz0oJJA7QQAn1To
QquMDDOLPWm0FOb0H3I9a7sz
=Uqy1
-----END PGP SIGNATURE-----

Current thread:

Re: [PEN-TEST] Protocol Sniffer on PPP interface, (continued)
- - Re: [PEN-TEST] Protocol Sniffer on PPP interface Greg (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Vitaly McLain (Oct 11)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Ryan Permeh (Oct 11)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Aaron Higbee (Oct 20)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Guidry, Toby (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Frank Knobbe (Oct 10)
- Re: [PEN-TEST] Protocol Sniffer on PPP interface Dunker, Noah (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface James Mancini (Oct 10)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Wolfgang Zenker (Oct 10)
    - Re: [PEN-TEST] Protocol Sniffer on PPP interface Dragos Ruiu (Oct 11)
  - Re: [PEN-TEST] Protocol Sniffer on PPP interface Brian Brotschi (Oct 10)