what program to uses to sniff
every one can tell me
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
How To Sniff Vpn ?
Started by
badpig
, Jan 13 2004 12:01 AM
16 replies to this topic
#1
badpig
-
- Members
-
- 10 posts
Private
Posted 13 January 2004 - 12:01 AM
How to Sniff VPN ? when i'm uses VPN i want to Sniff.
what program to uses to sniff
every one can tell me
what program to uses to sniff
every one can tell me
#2 Guest_Maffuster_*
Guest_Maffuster_*
-
- Guests
Posted 13 January 2004 - 10:38 AM
Need a bit more info here...
Are you ON a vpn yourself, and want to sniff the traffic, or are you wanting to sniff someone else's VPN? If you want to sniff someone else's VPN, are you on the same subnet as them...or what?
Ethereal is what most people use for heavy duty sniffing, although there are others.
Are you ON a vpn yourself, and want to sniff the traffic, or are you wanting to sniff someone else's VPN? If you want to sniff someone else's VPN, are you on the same subnet as them...or what?
Ethereal is what most people use for heavy duty sniffing, although there are others.
#3
Blake
-
- Retired Admin
-
- 7,334 posts
Former Commander In Chief
Posted 13 January 2004 - 10:48 AM
In theory you could sniff the VPN traffic but it would just be encypted data.
Subscribe To Our RSS Feed For the Latest News from GovernmentSecurity.orgWould you like to earn money posting on GSO?
#4
ifhope
-
- Members
-
- 59 posts
Private First Class
Posted 13 January 2004 - 07:37 PM
use tcpdump with the -v option
#5
badpig
-
- Members
-
- 10 posts
Private
Posted 14 January 2004 - 12:56 AM
Umm
When i'm uses VPN in same subnet
i want to test Sniff data All user ?
thank
When i'm uses VPN in same subnet
i want to test Sniff data All user ?
thank
#6
youvegotmail
-
- Members
-
- 34 posts
Private First Class
Posted 14 January 2004 - 05:15 AM
usually due to the nature of a vpn you have 3 options
1) decrypt traffic off the line - have fun will take a lot of time
to even decode one single packet (break ipsec encryption ??)
2) catch the traffic before/after it passes the tunnel
usually possible on your workstation or at the remote end
regards,
u.
1) decrypt traffic off the line - have fun will take a lot of time
to even decode one single packet (break ipsec encryption ??)
2) catch the traffic before/after it passes the tunnel
usually possible on your workstation or at the remote end
regards,
u.
#7 Guest_SKyLiNe_*
Guest_SKyLiNe_*
-
- Guests
Posted 15 January 2004 - 06:02 AM
Sniffing traffic before or after encryption wouldnt really be sniffit it imho.
If you have acces to either the start or the end point your not in between
traffic anymore like as if you where sniffing regular unencrypted connections.
Furthermore, VPN isnt just VPN, there are many types and flavours and configurations, things that come to mind are; Certificate Authorities (Root, Subordinate, offline, online, standalone, enterprise and 3 tier configs), Hardware or Software based VPN, IPSEC, SmartCard, EAP, PKI, L2TP, PPTP, and multiple other factors which will either make it possible or not for you to sniff/decrypt
packets that are exchanged over the VPN.
If you have acces to either the start or the end point your not in between
traffic anymore like as if you where sniffing regular unencrypted connections.
Furthermore, VPN isnt just VPN, there are many types and flavours and configurations, things that come to mind are; Certificate Authorities (Root, Subordinate, offline, online, standalone, enterprise and 3 tier configs), Hardware or Software based VPN, IPSEC, SmartCard, EAP, PKI, L2TP, PPTP, and multiple other factors which will either make it possible or not for you to sniff/decrypt
packets that are exchanged over the VPN.
#8
tshark
-
- Members
-
- 42 posts
Private First Class
Posted 24 November 2004 - 12:25 AM
got a question. Is there are way to connect to 2 vpns. I mean. You have 1 vpn connect to another vpn that connects to the web?
and also.. i use firefox as my browser and i was wondering what is the best way to do
PC > VPN > proxy chain > web ?? getanonymous isnt capatible with firefox yet, so what can i do ?
thanks!
- T
and also.. i use firefox as my browser and i was wondering what is the best way to do
PC > VPN > proxy chain > web ?? getanonymous isnt capatible with firefox yet, so what can i do ?
thanks!
- T
#9
Decadence
-
- Members
-
- 2 posts
Private
Posted 26 November 2004 - 03:45 AM
Ettercap will allow you to use a man-in-the-middle attack for sniffing VPN traffic. As far as I understand it, the source computer will send it's certificate to the destination. Ettercap will intercept that certificate and generate a fake one to send to the destination. The same happens from destination to source. When the source computer sends data to the destination, it will decrypt it with the certificate it received from the source, read the data, encrypt it with the fake certiificate it sent to the destination, and then send it out. I think that's how it does it for VPNs (or maybe it was SSH?). Anyone care to confirm this?
#10
setthesun
-
- Sergeant Major
-
- 574 posts
Sergeant First Class
Posted 26 November 2004 - 10:24 AM
ettercap can sniff (ARP based) SSH and SSL traffic MITM style.
I don't know that ettercap can sniff VPN. But procedure should just like SSH.
I don't know that ettercap can sniff VPN. But procedure should just like SSH.
setthesun me = new setthesun();
#11
--Elite--
-
- Members
-
- 90 posts
Private First Class
Posted 27 November 2004 - 02:36 AM
Sniffing the data is not the problem ,
it`s not even littele hard to niff IPSec !
how ?
the only thing you need is the key ,
after that , a simple buf powerfull sniffer like tcpdump can capture data back to it`s
decrypted format .
so try to capture/steal the key first , then you`ve done 90% of the mission .
it was for IPsec ,
in case of tricking VPN clients/servers there is also some ways to break the channle
some public and documented and some still a big " ? "
here is one of those documented methods for special VPN solution :
PPTP insecurityes , by Mudge from L0pht group ,
it`s not even littele hard to niff IPSec !
how ?
the only thing you need is the key ,
after that , a simple buf powerfull sniffer like tcpdump can capture data back to it`s
decrypted format .
so try to capture/steal the key first , then you`ve done 90% of the mission .
it was for IPsec ,
in case of tricking VPN clients/servers there is also some ways to break the channle
some public and documented and some still a big " ? "
here is one of those documented methods for special VPN solution :
PPTP insecurityes , by Mudge from L0pht group ,
#12
rajsmilesalways
-
- Members
-
- 5 posts
Private
Posted 06 January 2005 - 02:45 AM
how about vpn proxying ,
I mean steal the keys of the source and destination and proxy it thro' ur machine
I mean steal the keys of the source and destination and proxy it thro' ur machine
#13
Spookie
-
- Sergeant Major
-
- 293 posts
Staff Sergeant
Posted 07 January 2005 - 07:23 AM
Beauty is only a light switch away
#14
giuseph90
-
- Members
-
- 1 posts
Private
Posted 06 November 2011 - 06:57 PM
Whoa! How come you guys seem to know well about VPN sniffers. Looks like I've signup for the right site. I've been trying to do that for like forever now and no luck haha. Anyway, since we've been talking about VPN here I would just like to share with you guys this great http://www.vpnchoice...g/ipad-vpn/]VPN for ipad[/url] that I'm using myself. You won't regret considering this one if ever you need one for your precious ipad.
#15
Ayelen
-
- Members
-
- 3 posts
Private
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
