Government Security
Network Security Resources

Jump to content

Photo

How To Sniff Vpn ?


  • Please log in to reply
16 replies to this topic

#1 badpig

badpig

    Private

  • Members
  • 10 posts

Posted 13 January 2004 - 12:01 AM

How to Sniff VPN ? when i'm uses VPN i want to Sniff.

what program to uses to sniff
every one can tell me :lol:

#2 Guest_Maffuster_*

Guest_Maffuster_*
  • Guests

Posted 13 January 2004 - 10:38 AM

Need a bit more info here...

Are you ON a vpn yourself, and want to sniff the traffic, or are you wanting to sniff someone else's VPN? If you want to sniff someone else's VPN, are you on the same subnet as them...or what?

Ethereal is what most people use for heavy duty sniffing, although there are others.

#3 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 13 January 2004 - 10:48 AM

In theory you could sniff the VPN traffic but it would just be encypted data.

#4 ifhope

ifhope

    Private First Class

  • Members
  • 59 posts

Posted 13 January 2004 - 07:37 PM

use tcpdump with the -v option

#5 badpig

badpig

    Private

  • Members
  • 10 posts

Posted 14 January 2004 - 12:56 AM

Umm
When i'm uses VPN in same subnet
i want to test Sniff data All user ?

thank

#6 youvegotmail

youvegotmail

    Private First Class

  • Members
  • 34 posts

Posted 14 January 2004 - 05:15 AM

usually due to the nature of a vpn you have 3 options
1) decrypt traffic off the line - have fun will take a lot of time
to even decode one single packet (break ipsec encryption ??)
2) catch the traffic before/after it passes the tunnel
usually possible on your workstation or at the remote end
regards,
u.

#7 Guest_SKyLiNe_*

Guest_SKyLiNe_*
  • Guests

Posted 15 January 2004 - 06:02 AM

Sniffing traffic before or after encryption wouldnt really be sniffit it imho.
If you have acces to either the start or the end point your not in between
traffic anymore like as if you where sniffing regular unencrypted connections.
Furthermore, VPN isnt just VPN, there are many types and flavours and configurations, things that come to mind are; Certificate Authorities (Root, Subordinate, offline, online, standalone, enterprise and 3 tier configs), Hardware or Software based VPN, IPSEC, SmartCard, EAP, PKI, L2TP, PPTP, and multiple other factors which will either make it possible or not for you to sniff/decrypt
packets that are exchanged over the VPN.

#8 tshark

tshark

    Private First Class

  • Members
  • 42 posts

Posted 24 November 2004 - 12:25 AM

got a question. Is there are way to connect to 2 vpns. I mean. You have 1 vpn connect to another vpn that connects to the web?

and also.. i use firefox as my browser and i was wondering what is the best way to do
PC > VPN > proxy chain > web ?? getanonymous isnt capatible with firefox yet, so what can i do ?

thanks!

- T

#9 Decadence

Decadence

    Private

  • Members
  • 2 posts

Posted 26 November 2004 - 03:45 AM

Ettercap will allow you to use a man-in-the-middle attack for sniffing VPN traffic. As far as I understand it, the source computer will send it's certificate to the destination. Ettercap will intercept that certificate and generate a fake one to send to the destination. The same happens from destination to source. When the source computer sends data to the destination, it will decrypt it with the certificate it received from the source, read the data, encrypt it with the fake certiificate it sent to the destination, and then send it out. I think that's how it does it for VPNs (or maybe it was SSH?). Anyone care to confirm this?

#10 setthesun

setthesun

    Sergeant First Class

  • Sergeant Major
  • 574 posts

Posted 26 November 2004 - 10:24 AM

ettercap can sniff (ARP based) SSH and SSL traffic MITM style.

I don't know that ettercap can sniff VPN. But procedure should just like SSH.

setthesun me = new setthesun();

#11 --Elite--

--Elite--

    Private First Class

  • Members
  • 90 posts

Posted 27 November 2004 - 02:36 AM

Sniffing the data is not the problem ,
it`s not even littele hard to niff IPSec !
how ?
the only thing you need is the key ,
after that , a simple buf powerfull sniffer like tcpdump can capture data back to it`s
decrypted format .
so try to capture/steal the key first , then you`ve done 90% of the mission .
it was for IPsec ,

in case of tricking VPN clients/servers there is also some ways to break the channle
some public and documented and some still a big " ? "

here is one of those documented methods for special VPN solution :

PPTP insecurityes , by Mudge from L0pht group ,

#12 rajsmilesalways

rajsmilesalways

    Private

  • Members
  • 5 posts

Posted 06 January 2005 - 02:45 AM

how about vpn proxying ,

I mean steal the keys of the source and destination and proxy it thro' ur machine

#13 Spookie

Spookie

    Staff Sergeant

  • Sergeant Major
  • 293 posts

Posted 07 January 2005 - 07:23 AM

Heres some additional information that may help you.

Monkey.org
Beauty is only a light switch away

#14 giuseph90

giuseph90

    Private

  • Members
  • 1 posts

Posted 06 November 2011 - 06:57 PM

Whoa! How come you guys seem to know well about VPN sniffers. Looks like I've signup for the right site. I've been trying to do that for like forever now and no luck haha. Anyway, since we've been talking about VPN here I would just like to share with you guys this great http://www.vpnchoice...g/ipad-vpn/]VPN for ipad[/url] that I'm using myself. You won't regret considering this one if ever you need one for your precious ipad.

#15 Ayelen

Ayelen

    Private

  • Members
  • 3 posts

Posted 01 December 2011 - 09:33 AM

Your all answers are here: Best VPN service




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users