Hi All,

I am performing a pen test, following is the objective:
- Try and gain access to the cisco routers / switches in the network (total 5-6)
- Try and gain access to the application and passwords on different subnets

The problem is:
- Network is heavily segmented (more than 20 subnets in 3 different IP ranges- 10, 172 and 192 series). However they are all reachable/ accessible from my IP.
- Network uses switches
- Some of the applications are on different IP range, but reachable in two hops

I tried putting a sniffer on the network, including Ettercap to try and sniff the network for passwords etc.... but majority of the sniffers dont cross the first hop at the switch. So i am no where close to rest of the subnets/ip ranges. I tried using ettercap man in the middle attacks but, i guess it didnt work.

Can any one please guide me on using the right sniffer/ approach for this activity.

Thanks, fzy