Penetration Testing mailing list archives

Re: [PEN-TEST] ios/cisco packet sniffer...


From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 31 Oct 2000 15:27:37 -0800

I've never seen any 3rd party software that one could add onto the IOS,
but I have given this particular question some thought before.

First of all, you can do a "debug ip packet", which will NOT give you the
full packets, but gives you port numbers and other information that might
be useful for traffic analysis, or as a starting point for what to watch
for.

Second, I think it would be possible to do a combination of tunnels and
maybe NAT to re-route traffic elsewhere in the world for monitoring, and
then back again.  Obviously this will cause a big performance hit if the
monitor is far away, network-wise, but for store-and-forward things like
mail, it probably wouldn't be noticed right away.  You should be able to
use policy-based routing to select which types of traffic (ports) you want
to redirect.

I haven't gotten as far as working out specific configurations for this,
sorry.

                                        Ryan

On Mon, 18 Sep 2000 mlynn () X25 NET wrote:

I'm sure something like this exists (well, I'm almost sure)... but has anyone
seen a packet sniffer that would run on a Cisco router?...


