Sniffing computers on remote routers.

[Axon]

Let's get down to the core. At my work place, we have several institutes in a single building, each institute has its own corridor, some institutes may have more than one corridor, one for offices and the other for laboratories. However, the point here is that every corridor has its own routers where employees connect to (wired), which in return connect them to the main server. Now, is there a method at my disposal where I can sniff the computers connected to a different router given that I already know the IP address of that router?.


I know this question might seem trivial to some of you, I'm just worried about the level of security implemented on the routers. Therefore, I'm asking for some guidance,not spoon feeding.


Furthermore, keep in mind that I'm looking for a way to sniff the data sent from a remote router to the main server, I'm not interested in gaining access to the computers themselves.


Cheers.

[proxx]

Let's get down to the core. At my work place, we have several institutes in a single building, each institute has its own corridor, some institutes may have more than one corridor, one for offices and the other for laboratories. However, the point here is that every corridor has its own routers where employees connect to (wired), which in return connect them to the main server. Now, is there a method at my disposal where I can sniff the computers connected to a different router given that I already know the IP address of that router?.


I know this question might seem trivial to some of you, I'm just worried about the level of security implemented on the routers. Therefore, I'm asking for some guidance,not spoon feeding.


Furthermore, keep in mind that I'm looking for a way to sniff the data sent from a remote router to the main server, I'm not interested in gaining access to the computers themselves.


Cheers.

You want the easy or the hard way?
Sorry I have too little time to type a 3 page post.
Basically you could arp poison the router and route all the traffic through yourself.
Easy as that.

[Axon]

You want the easy or the hard way?
Sorry I have too little time to type a 3 page post.
Basically you could arp poison the router and route all the traffic through yourself.
Easy as that.

What is the hard way?

[Stackprotector]

What is the hard way?

Well, you could hack the router itself. Or a computer in the routers network. Though the ability to arp poison the router is the biggest vuln

[RedBullAddicted]

You want the easy or the hard way?
Sorry I have too little time to type a 3 page post.
Basically you could arp poison the router and route all the traffic through yourself.
Easy as that.

This will work as long as there is no arp protection configured on the router. ARP protection would only allow arp updates on "trusted" ports. Assuming this is a cisco router the best way would be getting priv 15 level access to the router. Depending on the managment access configuration this is scaling from hard to very hard.. lol. If you got access you could just mirror the port the server is connected to the port your notebook is connected. This will result in the most clean capture you can get. Other ways require you to permanently flood the network with packets which will result in a incomplete capture (lots of previous segment lost messages and so on).
In my opinion the easiest way to get a nice result is taping the wire the server is connected with This will only require physical access to the server room.

Warning - while you were typing a new reply has been posted. You may wish to review your post.

Damn Factionwars

[Axon]

Thank you all for the help, as for the arp poisoning being the the biggest challenge. I've done arp poisoning with cain and abel on the router I'm connected to several times. Apparently, the router and I think all the routers have no security against arp poisoning. I remember a while ago I've done the same on one of the routers that I'm trying to target remotely now, and it's not protected again arp attacks.

The only drawback here is that arp attacks crashes the internet for the rest of the employees connected to the router. Judging by the fact that my work colleagues in the office get disconnected as soon as I turn cain and abel(Windows) or Ettercap(Linux) on. However, they have not figured out the main cause behind it. They think this problem is due to the main server getting loaded with connections from thousands of employees, and since I always try to push this idea and other different ideas further on them, I think I'm on the safe side. Hopefully for a long time.   

[proxx]

Thank you all for the help, as for the arp poisoning being the the biggest challenge. I've done arp poisoning with cain and abel on the router I'm connected to several times. Apparently, the router and I think all the routers have no security against arp poisoning. I remember a while ago I've done the same on one of the routers that I'm trying to target remotely now, and it's not protected again arp attacks.

The only drawback here is that arp attacks crashes the internet for the rest of the employees connected to the router. Judging by the fact that my work colleagues in the office get disconnected as soon as I turn cain and abel(Windows) or Ettercap(Linux) on. However, they have not figured out the main cause behind it. They think this problem is due to the main server getting loaded with connections from thousands of employees, and since I always try to push this idea and other different ideas further on them, I think I'm on the safe side. Hopefully for a long time.

Crashing their connection ... that doesnt have to happen perse.
Otherwise you could see if you can use a transparant bridge.. use multiple interfaces for bridged sniffing.

[noob]

Can you copy output of  'route PRINT' command in cmd.

[Axon]

Can you copy output of  'route PRINT' command in cmd.

May I ask how this could be useful to you?

[imation]

surely if its a router of a decent variety, if you can gain access, you could just TCPdump the traffic?
 
http://www.routereflector.com/en/2013/05/embedded-packet-capture-tcpdump-on-cisco-ios-routers/
 
if im talking shit, please disregard this. very tired!
 
Good Luck

[s1l3nc3]

Axon are you trying to hack your work place or are you doing this for management purposes

im just intrerted to find out weather people acuatly hack there work networks

[Axon]

Axon are you trying to hack your work place or are you doing this for management purposes

im just intrerted to find out weather people acuatly hack there work networks

You have no idea what simple tools can do at work. Anyway, I'm doing it or trying to do it for the sole purpose of security testing.

[s1l3nc3]

hmm ok bro i get you sounds pretty cool, i wish you much luck, i hope one day i will have a job like yours where im free to enjoy the network