1
00:00:01,030 --> 00:00:09,690
Now previously when we topped show I.P not translations we only had inside local inside global one entry.

2
00:00:09,850 --> 00:00:11,880
That is the static entry.

3
00:00:11,980 --> 00:00:16,730
There's no outside local or outside global address because that's not being knotted.

4
00:00:17,720 --> 00:00:25,780
It's tripe telnetting 2 8 1 1 5 Notice it says Poskitt required but none sent.

5
00:00:26,000 --> 00:00:28,200
And the connection was terminated.

6
00:00:29,320 --> 00:00:44,950
So on a one line between 0 to 5 logon password Cisco enable password Cisco on rotisserie do the telnet

7
00:00:44,950 --> 00:00:46,090
again.

8
00:00:46,180 --> 00:00:56,460
Notice I can log in to Rodda one when I now look at the net translations on rodded t you can see that

9
00:00:56,490 --> 00:01:00,190
there are multiple nocte translations here.

10
00:01:00,240 --> 00:01:09,630
We've got two telnet sessions and that may be because the other net translation hasn't timed out when

11
00:01:09,680 --> 00:01:15,640
actually all the translations show IP net translation shows that one entry

12
00:01:18,390 --> 00:01:20,770
we've got our next translation back again.

13
00:01:21,090 --> 00:01:29,260
So inside local This IP address has got a telnet session port 23 going to it.

14
00:01:29,310 --> 00:01:34,260
So this router 8 1 1 2 is using an ephemeral port in the woods.

15
00:01:34,270 --> 00:01:44,790
A random port number to access Rato one on port 23 router 3 however is using this IP address to access

16
00:01:45,060 --> 00:01:52,200
this IP address on the outside internet which is then translated to this address internally allowing

17
00:01:52,380 --> 00:01:54,630
rotisserie to access Router one.

18
00:01:54,630 --> 00:02:00,790
Now there's no better way than looking at why shock to see what's actually going on.

19
00:02:00,870 --> 00:02:09,870
So I'll start with shock on router to use fast Ethan interface so I'm to start was shocked when this

20
00:02:09,870 --> 00:02:10,470
interface

21
00:02:15,930 --> 00:02:19,350
I'm going to hit enter on router 3.

22
00:02:19,590 --> 00:02:32,000
I noticed that some telnet data now so some told that data from 8 1 1 2 2 8 1 1 5 and 8 1 1 5 2 8 1

23
00:02:32,000 --> 00:02:34,730
1 2.

24
00:02:34,790 --> 00:02:44,110
So in the telnet sessions what you'll notice is that the telnet to data in this case a carriage return

25
00:02:44,430 --> 00:02:49,790
is going from 8 to 1 1 to 2 8 1 1 5 and then there's a reply back again.

26
00:02:49,900 --> 00:02:58,920
So if I type enable and then put my password in what we'll see in the output here.

27
00:03:03,910 --> 00:03:06,080
Is that data.

28
00:03:06,310 --> 00:03:14,660
So let's filter for Telenet scrolling down we can see that Rodda one was telling Ratatouille about the

29
00:03:14,930 --> 00:03:25,480
prompt and then wrote it to top enable and there we go carriage return Rodda one requested a password

30
00:03:26,050 --> 00:03:32,420
and then wrote it to and did C.I. as CEO and there's the password and head carriage return.

31
00:03:32,980 --> 00:03:42,920
And then the prompt changed Serrato one told rotatory that the new prompt is our one hash or £0.

32
00:03:43,040 --> 00:03:53,830
The important piece to note is that all communication on this link is between 8 1 1 2 and 8 1 1 5 which

33
00:03:53,830 --> 00:04:03,110
is the inside global address of the router 10 1 1 1 I'll stop the capture.

34
00:04:03,280 --> 00:04:04,820
And now let's do it again.

35
00:04:04,930 --> 00:04:08,630
I'll start the capture on the inside interface.

36
00:04:08,880 --> 00:04:10,030
So I'm going to do it on first.

37
00:04:10,030 --> 00:04:15,730
Ethan it is 0 0 of to full to this.

38
00:04:15,730 --> 00:04:21,300
Once again for telnet traffic and on Rodda 3.

39
00:04:21,320 --> 00:04:25,550
Now let's type exit and telnet back again.

40
00:04:26,670 --> 00:04:32,100
Put in the password top enable put in the password.

41
00:04:32,160 --> 00:04:43,240
So when you look at this traffic notice it's from 8 1 1 to the rotisseries IP address going to 10 1

42
00:04:43,240 --> 00:04:46,480
1 1 router one's IP address.

43
00:04:46,480 --> 00:04:49,240
So all the Tolmach traffic in this output

44
00:04:54,010 --> 00:05:03,160
including the password that's being sent NCIS CO2 is from 8 1 1 2 2 10 1 1 1.

45
00:05:03,280 --> 00:05:13,510
This router in the middle is translating 8 1 1 5 2 8 1 1 2 4 all traffic between Rato 1 and router three.