Hi there, i have very little work experience but a degree in networking, and hopefully the other part to my A+ and Net+ when i sit both the exams next week. also studing CCNA ATM. i played around with programming at university (Perl,Java,C++) but to say we didnt get on would be an understatement! although i have recently taken a keen interest in security. as i am quite familiar with Cisco kit i have just taken an approach that seems rather unusual (after reading a few posts on the forum regarding other peoples home setup).

- I configured 2 routers
- connected routers to a  switch (Configured)
connected laptop and PC to get a small working LAN.
-setup wireshark on a PC
-telnetted from pc to router and viewed the Plaintext data captured using wireshark.
-also used wireshark to collect plaintext between 2 machines on the lan using MSN messenger.

Although all this was rather basic, i was quite impressed with what i had done/learned. and the small problems i discovered along the way provided good real-life hands on education:
-Didnt set exec password but set telnet, therefore locking me out router  -Having to break into a 2950 switch which someone previously set up with a username/password)

the problem is now im running out of ideas, any ideas of any other data i could try sniffing or any other labs i can perform with this kind of setup?

I was thinking of experimenting with NMAP and other software which could allow me to exploit vunrubilities found within the NMAP scan but this will be another milestone

thanks.

Cheers for the reply Timmedin, that gives me a lot to get reasearching on! what do you mean by: 'try to see what it takes to get credentials from someone (yourself)' is this to do with socal engineering? 

ah just did a bit of brief research on XXS, seems to be a popular source of attack, ill have to see if i can dig up some more info or find a simple tutorial. couldnt work out if u were joking or talking tech in the last post, but good ideas, thanks for the replies

I had already done this before my last post, but thanks for the link anyway, i heard it was possibleso i used the only toll in my hackers toolkit (ATM) Google!

Had a look at these types of attacks, but finding it hard to find any documentation which really explain how to perform these attacks although  very keen to learn and play around with.

A great tool that focuses on these attacks is called Yersinia.  Here's a list of some of the attacks it can do:

Spanning Tree Protocol (STP)
Cisco Discovery Protocol (CDP)
Dynamic Trunking Protocol (DTP)
Dynamic Host Configuration Protocol (DHCP)
Hot Standby Router Protocol (HSRP)
IEEE 802.1Q
IEEE 802.1X
Inter-Switch Link Protocol (ISL)
VLAN Trunking Protocol (VTP)

You can also use Gobbler for DoS & DHCP starvation attacks against a switch. 

VLAN hopping was considered a "dead" attack that was almost a waste until IP Telephony converged together with an IP Network.  Now, there are several VOIP tools out there that take advantage of this because now this attack has re-emerged into a crippling one.  You could use VoIP Hopper for this.  Do a search for "vlan hopping tool" to find even more tools.

On the router, you could easily implement IOS IPS to have a fully-functional Cisco IPS on the router.  You could also setup IOS F/W to simulate an ASA and try to get past that.  There's much more you could do but it requires deeper understanding of routers which may take you down the path of network engineering.