At a guess your ethereal box is probably connected to the same switch
that your VPN device is on. If that is the case, then everything is
functioning as expected. An Ethernet switch by nature does not allow
point-to-point (unicast) packets to be seen on ports other than those
directly involved in the communication. The ARPs you are seeing, however,
are probably the ARP requests that are flooded to all ports (as are all
broadcasts). (A switch is functionally identical to a data-link layer
bridge, if you are trying to find out more info on how this works.)
To see the VPN traffic you need either to tell the switch to forward
traffic on the VPN ports to the monitoring port (called monitor or SPAN
functionality on some switches), or alternatively to use a dumb
hub/repeater, which copies all seen traffic out of all ports.
If this is not the configuration then you might need to provide more
info (for instance, is ethereal actually running on the same box as the
VPN?).
Regards, Martin
Martin Visser, CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com
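The switch behaviour described in the reply above (unicast only to the learned port, broadcast and unknown-unicast flooded, SPAN copying the VPN ports to the monitor port), together with a crude check that what the monitor port receives on protocol 50 actually looks like ciphertext, as an added, self-contained example. This is not code from the thread or from either poster: the lab topology (port 1 = gateway A, port 2 = gateway B, port 3 = the Ethereal box), the MACs and 192.0.2.x addresses, the learning-bridge model, and the SHA-256 keystream standing in for real ESP ciphertext are all constructed assumptions for the example.

```python
import hashlib
import math
import struct
from collections import Counter, defaultdict

# Constructed lab topology (an assumption for this example, not from the thread):
# switch port 1 = VPN gateway A, port 2 = VPN gateway B, port 3 = the Ethereal box.
GW_A, GW_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP_A, IP_B = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
BROADCAST = b"\xff" * 6
ETH_IP, ETH_ARP, IP_PROTO_ESP = 0x0800, 0x0806, 50


def eth_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """op 1 = request (sent to the broadcast MAC), op 2 = reply (unicast)."""
    target_mac = b"\x00" * 6 if op == 1 else dst_mac
    body = struct.pack("!HHBBH", 1, ETH_IP, 6, 4, op) + src_mac + src_ip + target_mac + dst_ip
    return eth_frame(BROADCAST if op == 1 else dst_mac, src_mac, ETH_ARP, body)


def esp(src_mac, dst_mac, src_ip, dst_ip, spi, seq, ciphertext):
    """IPv4 (protocol 50) carrying ESP: SPI, sequence number, opaque payload.
    The IP checksum is left at 0; the switch model never looks at it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(ciphertext), 0, 0x4000,
                      64, IP_PROTO_ESP, 0, src_ip, dst_ip)
    return eth_frame(dst_mac, src_mac, ETH_IP, hdr + struct.pack("!II", spi, seq) + ciphertext)


def fake_ciphertext(seq, n=1024):
    """Stand-in for ESP ciphertext (constructed): a deterministic SHA-256
    keystream, so the example runs offline with a stable entropy figure."""
    out = b""
    while len(out) < n:
        out += hashlib.sha256(b"constructed-keystream" + struct.pack("!II", seq, len(out))).digest()
    return out[:n]


class LearningSwitch:
    """Transparent learning bridge: learns each source MAC on its ingress port,
    sends known unicast only to that port, floods broadcast/unknown unicast to
    every other port.  An optional SPAN session copies frames entering or
    leaving the monitored ports to the monitor port."""

    def __init__(self, ports, span_to=None, span_from=()):
        self.ports, self.span_to, self.span_from = list(ports), span_to, set(span_from)
        self.table = {}                    # MAC -> port
        self.received = defaultdict(list)  # port -> frames delivered to it

    def ingress(self, port, frame):
        dst, src = frame[:6], frame[6:12]
        self.table[src] = port
        if dst == BROADCAST or dst not in self.table:
            out = [p for p in self.ports if p != port]
        else:
            out = [self.table[dst]] if self.table[dst] != port else []
        for p in out:
            self.received[p].append(frame)
        mirrored = port in self.span_from or any(p in self.span_from for p in out)
        if self.span_to is not None and self.span_to not in out and mirrored:
            self.received[self.span_to].append(frame)


def classify(frame):
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "ARP"
    if ethertype == ETH_IP:
        return "ESP" if frame[14 + 9] == IP_PROTO_ESP else "IP/%d" % frame[14 + 9]
    return "other"


def esp_payload(frame):
    ihl = (frame[14] & 0x0F) * 4
    return frame[14 + ihl + 8:]  # skip the IPv4 header, SPI and sequence number


def shannon_entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(payload, threshold=7.0):
    """Crude check: ciphertext sits near 8 bits/byte; text or padding does not."""
    return len(payload) >= 256 and shannon_entropy(payload) > threshold


def run_lab(span):
    """Replay a constructed site-to-site exchange; return what the sniffer port
    saw as {frame type: count} and whether every ESP payload passed the check."""
    sw = LearningSwitch([1, 2, 3], span_to=3 if span else None, span_from=(1, 2))
    sw.ingress(1, arp(1, GW_A, IP_A, BROADCAST, IP_B))  # flooded: sniffer sees it
    sw.ingress(2, arp(2, GW_B, IP_B, GW_A, IP_A))       # unicast reply: port 1 only
    for seq in range(1, 4):                             # ESP both ways, all unicast
        sw.ingress(1, esp(GW_A, GW_B, IP_A, IP_B, 0x1001, seq, fake_ciphertext(seq)))
        sw.ingress(2, esp(GW_B, GW_A, IP_B, IP_A, 0x2002, seq, fake_ciphertext(seq + 10)))
    seen = sw.received[3]
    counts = dict(Counter(classify(f) for f in seen))
    esp_ok = all(looks_encrypted(esp_payload(f)) for f in seen if classify(f) == "ESP")
    return counts, esp_ok


if __name__ == "__main__":
    print("plain switch port:", run_lab(span=False))  # ({'ARP': 1}, True)
    print("with SPAN:        ", run_lab(span=True))   # ({'ARP': 2, 'ESP': 6}, True)
```

Note the ordering in run_lab: gateway B sends its ARP reply before the first ESP packet, so the switch has already learned B's MAC and the ESP unicast never floods; had the sniffer been plugged in before either gateway had spoken, it would have seen the first few unknown-unicast frames and then nothing, which is an easy way to misread a capture. The entropy check is only a sanity test that the payload is opaque, not proof of a particular cipher; it is what "validate that encrypted data is being sent" can reasonably mean from the untrusted side.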
________________________________
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of PM Systems -
Chris Kroll
Sent: Tuesday, 6 April 2004 6:31 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Ethereal and Site-to-Site VPNs
I am writing a practical which includes the validation of
encrypted data on the untrusted side of a site-to-site VPN. I was
hoping to use Ethereal to at least verify that the traffic is in fact
encrypted; however, no traffic shows up from either VPN device with the
exception of a couple of ARPs. I've verified that Ethereal is set up
appropriately by generating other traffic on this network. Is this just
a shortcoming of Ethereal, or am I not doing something correctly? Also,
I am not looking to decrypt the data, only validate that encrypted data
is being sent. Thanks in advance!
Chris Kroll
Security Analyst
PM Systems Corporation - CUDefense Team
800-233-4052 x207