Episode Details

Dynamic Trunking Protocol (DTP) makes it easy to sniff traffic from other VLANs. Disable DTP on user facing ports by making those ports access ports.

You need to learn to code! Learn Python. Learn Networking. You are going to be very powerful and very scary if you combine knowledge of networking with Python scripting! But, do good.

Learn to code. Learn Linux. Learn Networking.

Menu:

You need to learn Python! 0:00

Network Topology: 0:57

Python Script overview: 1:28

Cisco switch DTP setup: 2:00

We can see other VLAN traffic: 3:00

Script demo: 3:45

Results of attack: 4:24

Script explanation: 5:09

Create a loop: 5:49

Wireshark capturing of a different VLAN: 6:50

Kali Linux can see all VLAN traffic: 9:07

======

Scripts:

======

All scapy scripts here: davidbombal.wiki/githubscapy

Scapy DTP attack: davidbombal.wiki/scapydtp

Playlist: davidbombal.wiki/scapy

==============

Scapy Resources:

==============

Website: scapy.net/

Documentation: scapy.readthedocs.io/en/latest/

================

Cisco Best practice:

================

Access ports (for vlan 2 in this case):

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 2

Trunk ports:

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport nonegotiate

================

Connect with me:

================

Discord: discord.com/invite/usKSyzb

Twitter: www.twitter.com/davidbombal

Instagram: www.instagram.com/davidbombal

LinkedIn: www.linkedin.com/in/davidbombal

Facebook: www.facebook.com/davidbombal.co

TikTok: tiktok.com/@davidbombal

YouTube: www.youtube.com/davidbombal