Re: Need a sniffer/password capture to prove telnet is bad


 



On Tue, 2004-11-23 at 15:28, Frank Pineau wrote:
> On Tue, 2004-11-23 at 15:06 -0500, Alex Evonosky wrote:
> > Matthew Miller wrote:
> > 
> > >>Ethereal can capture that just fine in promisc mode...
> > > 
> > > 
> > > But, if it's a switched network, you'll need to actually be somewhere in the
> > > path his packets are travelling. 
> > > 
> > 
> > not unless you have access to the switch and issue a spanning-tree 
> > session.. Then you can monitor ANY port on that switch.
> 
> 
> If you can't port-mirror (span tree, SNAP, etc), simply putting a hub
> inline (say, off the inside interface of your firewall...) and plugging
> your sniffer into that hub would work nicely.

Another tool you can try is ettercap.  It has a very nice ARP poison
mode that can let you sniff all packets going through most switches
without having to mirror ports. While running ettercap, if it sees a
telnet protocol it will grab the user id and password and dump it in a
window for you.  You can also log the results.
 

The easy method, though, is to mirror his port and use Ethereal.


-- 
Scot L. Harris
webid@xxxxxxxxxx

Tis man's perdition to be safe, when for the truth he ought to die. 
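
The ARP poisoning mentioned in the message above is visible from the network side as IP-to-MAC bindings that change and as one MAC answering for several IPs. The following is an added example, not part of the original post and not ettercap's or Ethereal's code; the addresses and the observation tuples are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed ARP observations: (seconds, sender IP, sender MAC), as a
# monitoring host would record them from ARP replies on its segment.
SAMPLE = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway
    (1.0, "192.168.1.20", "00:11:22:33:44:20"),   # telnet client
    (2.0, "192.168.1.30", "00:11:22:33:44:30"),   # third host
    (5.0, "192.168.1.1",  "00:11:22:33:44:30"),   # gateway IP now claimed by .30's MAC
    (5.1, "192.168.1.20", "00:11:22:33:44:30"),   # client IP claimed by the same MAC
    (6.0, "192.168.1.1",  "00:11:22:33:44:01"),   # real gateway answers again
]

def find_arp_conflicts(observations):
    """Return (rebinds, shared) for a list of ARP observations.

    rebinds: list of (time, ip, old_mac, new_mac) where an IP's MAC changed.
    shared:  dict mac -> sorted IPs, for MACs that claimed more than one IP.
    """
    current = {}                 # ip -> MAC last seen for it
    claimed = defaultdict(set)   # mac -> every IP it has claimed
    rebinds = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac
        claimed[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return rebinds, shared

def report(observations):
    """Format the conflicts as one human-readable line each."""
    rebinds, shared = find_arp_conflicts(observations)
    lines = [f"t={ts:>4}: {ip} moved {old} -> {new}" for ts, ip, old, new in rebinds]
    for mac, ips in sorted(shared.items()):
        lines.append(f"{mac} claims {', '.join(ips)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A rebind or a shared MAC is a lead, not proof: replaced NICs, failover pairs and multi-homed routers produce the same pattern and need to be ruled out per address.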

