Ethereal-users: Re: [Ethereal-users] Ethereal and Site-to-Site VPNs
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Wed, 7 Apr 2004 02:02:43 +1000
Try using real hubs instead of 10/100 dual speed "hubs" A dual speed 10/100 "hub" is not a hub at all, they are either just a standard low-end unmanaged switch or they may be two different hubs, one 10mbit and one 100mbit inside the same enclosure and connected internally together with a 2 port switch. If the latter, then you really have two different hubs and will only see the data from the same collission domain as where the ethereal box is connected. Make sure that the ethereal box connects to the hub at the same speed as the netscreen box connects with or else you are really connecting the ethereal box to a different hub and hence you wont see anything. If the former, then you really have a switch and you wont see the traffic at all unless you set the switch up in span/mirror mode something that might not be possible on a low end unmanaged switch. why they call these devices hubs is beyond me since they are not hubs at all. ----- Original Message ----- From: "PM Systems - Chris Kroll" <CKROLL@xxxxxxxxxxxxx> To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx> Sent: Tuesday, April 06, 2004 10:05 PM Subject: RE: [Ethereal-users] Ethereal and Site-to-Site VPNs Sorry for not provided more information in my previous message. I am using two Netscreens to create the Site-to-site VPN so it will not be possible for me to load Ethereal on those devices. The current end to end physical config is as follows: Netscreen - "dumb" 10/100 hub - dual port 10/100 router - "dumb" 10/100 hub - Netscreen. The PC that has Ethereal loaded has been placed on both sides of the router and I have successfully capture other data (ie Telnet, PINGS) to validate that ethereal is functioning. I have also validated that the VPN is up as I have transferred files between the protected networks. It's just crazy that absolutely nothing shows up from these devices, including the initial handshake. Again, any advice is greatly appreciated. Thanks -----Original Message----- From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Visser, Martin Sent: Tuesday, April 06, 2004 12:54 AM To: Ethereal user support Subject: RE: [Ethereal-users] Ethereal and Site-to-Site VPNs At a guess your ethereal box is probably connected to the same switch that your VPN device is on. If that it the case, then everything is functioning as expected. A ethernet switch by nature does not allow point to point (unicast) packets to be seen on ports other than those directly involved in the communication. The ARPs you are seeing however are probably the ARP requests that are flooded to all ports (as are all broadcasts). (A switch is functionally identical to a data-link layer bridge if you are trying to find out more info how this works) To see the VPN traffic you either need to tell the switch to forward traffic on the VPN ports to the monitoring port (called monitor or SPAN functionality on some switches). Or alternatively use a dumb hub/repeater which copies all seen traffic out of all ports. If this is not the configuration then you might need to provide more info (for instance is ethereal actually running on the same box ass the VPN) Regards, Martin Martin Visser ,CISSP Network and Security Consultant Technology & Infrastructure - Consulting & Integration HP Services 3 Richardson Place North Ryde, Sydney NSW 2113, Australia Phone: +61-2-9022-1670 Mobile: +61-411-254-513 Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com ________________________________ From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of PM Systems - Chris Kroll Sent: Tuesday, 6 April 2004 6:31 AM To: ethereal-users@xxxxxxxxxxxx Subject: [Ethereal-users] Ethereal and Site-to-Site VPNs I am writing a practical which includes the validation of encrypted data on the untrusted side of a site-to-site VPN. I was hoping to use Ethereal to at least verify that the traffic is in fact encrypted, however no traffic shows up from either VPN device with the exception of a couple of ARPs. I've verified that Ethereal is set up appropriately by generating other traffic on this network. Is this just a shortcoming of Etherreal or am I not doing something correctly. Also, I am not looking to decrypt the data, only validate that encrypted data is being sent. Thanks in advance! Chris Kroll Security Analyst PM Systems Corporation - CUDefense Team 800-233-4052 x207 _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- References:
- RE: [Ethereal-users] Ethereal and Site-to-Site VPNs
- From: PM Systems - Chris Kroll
- RE: [Ethereal-users] Ethereal and Site-to-Site VPNs
- Prev by Date: [Ethereal-users] Email change
- Next by Date: [Ethereal-users] Re: Duplicate packets captured in local machine. (Ronnie Sahlberg)
- Previous by thread: RE: [Ethereal-users] Ethereal and Site-to-Site VPNs
- Next by thread: RE: [Ethereal-users] Ethereal and Site-to-Site VPNs
- Index(es):