Close Panel




Turning Router Into Sniffer

By IPSECS Admin. Posted in Exploitation | No Comments »

It’s easy to intercept data communication inside linux/unix environment since there are so many tools to help us. We have tcpdump, wireshark, ettercap, dsniff, and still many others. But, can you imagine how to sniff data flows trough router? If our router are Juniper family, then we are lucky enough because Juniper has internal command which works like tcpdump on unix/linux system. For example, we can use this following command to sniff traffic on Juniper interface ge-0/0/0.0

monitor traffic interface ge-1/0/0.0 detail no-resolve
monitor traffic interface ge-1/0/0.0 detail no-resolve print-ascii print-hex

These two commands will work in Juniper like tcpdump in linux/unix below:

tcpdump -nev -i ge-1/0/0.0
tcpdump -nev -X -i ge-1/0/0.0

But remember, ge-1/0/0.0 interface is not known in linux/unix so that’s why you have to change this with Network Interface Card (NIC) in linux/unix. Then, how if our router is not Juniper family? Here, i’ll write my experience in sniffing inside Cisco router which’s known as the most popular router over the world.

Read more »



802.1x is an IEEE standard for port-based (well, we would rather say interface-based) enduser authentication on LANs. While it supports (and was initially designed for) Ethernet, the main current use of 802.1x is wireless users’ authentication as a part of the wireless security scheme provided by the 802.11i security standard. The 802.1x authentication chain consists of three elements:

  • Supplicant An end-user station, often a laptop, that runs 802.1x client software.
  • Authenticator A switch, a wireless gateway, or an access point to which the authenticating users connect. It must be configured to support 802.1x on the involved interfaces with commands like aaa authentication dot1x default group radius (global configuration) and dot1x port control auto (switch interface).
  • Authentication server A RADIUS server to which authenticators forward end users’ authentication requests for verification and authentication decision.

Cisco Switch


The Extensible Authentication Protocol (EAP) is used by all three 802.1x component devices to communicate with each other. It is extensible since many different EAP types exist for all kinds of authentication plans—for example, employing SIM cards, tokens, certificates, and more traditional passwords. Here we are interested only in Cisco-related protocols and products, thus the security weaknesses of EAP-LEAP are the target of the discussion.

Read more »





VLAN Hoping Attack

By IPSECS Admin. Posted in Exploitation | Comments Off


VLAN Hopping is an exploitation method used to attack a network with multiple VLANs. It is an attack that involves an attacking system to deploy packets. These packets have a destination of a system on a separate VLAN which would, in normal circumstances, not be accessible by the attacker. VLAN Hopping attacks are primarily conducted within the Dynamic Trunking Protocol (DTP). Often, VLAN Hopping attacks are directed at the trunking encapsulation protocol (802.1q or ISL).

Malicious traffic used for VLAN Hopping is tagged with a VLAN ID destined outside the VLAN on which the system conducting the attacks belongs to. An attacker can also attempt to behave and look like a switch, which will negotiate trunking, allowing the attacker to not only send, but receive traffic across more than one VLAN.

There are two common methods of VLAN Hopping; Switch Spoofing and Double Tagging.

Read more »





Our Old Researches

By IPSECS Admin. Posted in News | Comments Off

Click here to view our old researches. Enjoy!