Penetration Testing mailing list archives

How to sniff packets from afar?

From: "Shawn Duffy" <sduffy () xecu net>
Date: Fri, 2 Nov 2001 21:14:48 -0500

I have a customer that has an EAL-4 Firewall with strong CGI scripting
protection on it and I was asked to look at a pen-test for him.
He currently has some of his own people periodically try to break-in to
keep it current with his changing environment.
I was wondering if any knows of a way to sniff packets from either his
VPN tunnel connections or traffic through his firewall when you cannot
connect directly in between his ISP and router.

I was told it is possible, but I don't see how.  Also, would anyone know
how to tap a T1 line from a dmark without disrupting service and without
knowing the parameters?

--
Shawn.

Attachment: smime.p7s
Description:

Current thread:

Re: Using Null Session information from NAT.EXE bs (Nov 01)
- <Possible follow-ups>
- Re: Using Null Session information from NAT.EXE Tom Fischer (Nov 01)
  - RE: Using Null Session information from NAT.EXE Pierre Kroma (Nov 03)
- Re: Using Null Session information from NAT.EXE Windex King (Nov 01)
  - How to sniff packets from afar? Shawn Duffy (Nov 05)
    - Re: How to sniff packets from afar? Penetration Testing (Nov 08)
    - Re: How to sniff packets from afar? ET LoWNOISE (Nov 08)
    - Re: How to sniff packets from afar? Dug Song (Nov 08)
- Re: Using Null Session information from NAT.EXE bluefur0r bluefur0r (Nov 03)
- Re: Using Null Session information from NAT.EXE H Carvey (Nov 05)