Tools
BackTrack
Yersinia
vconfig
Wireshark
Nmap
I start off by connecting to the LAN and getting a network address:
dhclient eth0
I can see that I'm attached to the network 10.0.1.0/24.
Next I fire up Wireshark and check the network for DTP (Dynamic Trunking Protocol) frames and CDP (Cisco Discovery Protocol) frames.
I can see that I have both CDP and DTP frames present.
Now I want to tell the switch that my port is a trunk port. For this I'll use Yersinia and tell it to look at DTP.
yersinia -I
After I see DTP frames appear in Yersinia, I launch the attack to configure the port for trunking.
Now I need to know the VLAN number that other networks are on. Before launching Yersinia I could only see traffic from my own network (10.0.1.0/24); now I can start to see traffic from hosts on another network (192.168.2.2).
Looking at the 802.1Q information in the frame, I can see that the other network is on VLAN 2.
With this information I'll create a new interface in the new network and configure vconfig to tag the frames for VLAN 2.
vconfig add eth0 2
ifconfig eth0.2 up
ifconfig eth0.2 192.168.2.200/24
ifconfig
Now I check I can ping the host I saw with Wireshark and I have a quick look at its ports with Nmap.
ping -c 2 192.168.2.2
nmap 192.168.2.2
Great, I have plenty here to play with, and on port 80 ...........
Okay, obviously this was staged, but hopefully it illustrates two things: VLANs can be abused and Yersinia rocks!!!!!!!!!
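Seen from the switch side, the two things this walkthrough relies on are both visible on the wire: DTP frames sourced by an end host, and 802.1Q-tagged frames arriving on what should be an access port. The following is an added example, not part of the original post, that picks both out of raw Ethernet frames; the function names, MAC addresses and sample frames are constructed for illustration, and it assumes the frames come from a capture of a single access port.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")     # destination MAC shared by CDP and DTP
LLC_SNAP_CISCO = bytes.fromhex("aaaa0300000c")  # LLC AA-AA-03 + SNAP OUI 00:00:0C
SNAP_PIDS = {0x2000: "CDP", 0x2004: "DTP"}      # Cisco SNAP protocol IDs
TPID_8021Q = 0x8100                             # EtherType announcing a VLAN tag

def classify(frame: bytes) -> dict:
    """Summarise one raw Ethernet frame: source MAC, VLAN ID (if tagged), kind."""
    if len(frame) < 14:
        return {"src": None, "vlan": None, "kind": "truncated"}
    info = {"src": frame[6:12].hex(":"), "vlan": None, "kind": "other"}
    (type_len,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if type_len == TPID_8021Q and len(frame) >= 18:
        tci, type_len = struct.unpack("!HH", frame[14:18])
        info["vlan"] = tci & 0x0FFF             # low 12 bits of the TCI are the VLAN ID
        offset = 18
    if (frame[0:6] == CISCO_MCAST and type_len <= 1500  # 802.3 length, then LLC/SNAP
            and len(frame) >= offset + 8
            and frame[offset:offset + 6] == LLC_SNAP_CISCO):
        (pid,) = struct.unpack("!H", frame[offset + 6:offset + 8])
        info["kind"] = SNAP_PIDS.get(pid, "cisco-snap-0x%04x" % pid)
    return info

def audit_access_port(frames, switch_macs):
    """Return alerts for traffic an end host on an access port should never send."""
    alerts = []
    for frame in frames:
        c = classify(frame)
        if c["kind"] == "DTP" and c["src"] not in switch_macs:
            alerts.append(("dtp-from-host", c["src"]))
        if c["vlan"] is not None and c["src"] not in switch_macs:
            alerts.append(("tagged-frame-from-host", c["src"], c["vlan"]))
    return alerts

# Constructed sample frames (MACs and payloads are made up for this example).
HOST, SWITCH = "020000000001", "020000000099"
def _snap(src, pid):   # 802.3 length + LLC/SNAP header + 8 bytes of dummy payload
    return CISCO_MCAST + bytes.fromhex(src) + struct.pack("!H", 16) \
        + LLC_SNAP_CISCO + struct.pack("!H", pid) + bytes(8)
SAMPLE = [
    _snap(SWITCH, 0x2004),                                                # switch's own DTP
    _snap(HOST, 0x2004),                                                  # DTP sent by a host
    bytes.fromhex("ffffffffffff" + HOST + "810000020806") + bytes(28),    # ARP tagged VLAN 2
    bytes.fromhex("ffffffffffff" + HOST + "0806") + bytes(28),            # untagged ARP
]

print(audit_access_port(SAMPLE, {"02:00:00:00:00:99"}))
```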