E gads! All hacks because even at this time Cisco can't manage to write the little code necessary to create a buffer in memory where packets can be stored, and then transferred via TFTP. With today's routers that have more than enough processing power and memory, there's just no excuse, IMO.
Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -----Original Message----- From: dre [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 12:37 PM To: [EMAIL PROTECTED] Subject: Re: Ip snooping in cisco routers [7:74708] ""Reimer, Fred"" wrote in message ... > Cisco routers don't have the ability to capture packets. However, you can > use an ACL and the debug ip packet command to get some limited information. Well, you can do "debug ip packet dump" and get the full payload in both hex and ASCII (like tcpdump). Or, even better, if the device supports SPAN, RSPAN or ERSPAN, you can mirror the traffic from x ports/vlans to y ports/vlans. Or, you can setup a GRE tunnel that copies all traffic from the Cisco to a nearby Unix machine. https://www.phrack.com/show.php?p=56&a=10 There are also many other ways to accomplish this, which rely on changing the ways the protocols normally operate. For example, using a tool such a (but clearly not limited to) dsniff or irpas, one can easily create a MITM gateway based on modification of ARP, ICMP redirect, IRDP, STP, HSRP, PBR (using interface, next-hop, etc), or even using generalized proxies (IP NAT, MAC address translation). -dre **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74730&t=74708 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html