On Tue, 2004-11-23 at 15:28, Frank Pineau wrote: > On Tue, 2004-11-23 at 15:06 -0500, Alex Evonosky wrote: > > Matthew Miller wrote: > > > > >>Ethereal can capture that just fine in promisc mode... > > > > > > > > > But, if it's a switched network, you'll need to actually be somewhere in the > > > path his packets are travelling. > > > > > > > not unless you have access to the switch and issue a spanning-tree > > session.. Then you can monitor ANY port on that switch. > > > If you can't port-mirror (span tree, SNAP, etc), simply putting a hub > inline (say, off the inside interface of your firewall...) and plugging > your sniffer into that hub would work nicely. Another tool you can try is ettercap. It has a very nice arp poison mode that can let you sniff all packets going through most switches without having to mirror ports. While running ettercap if it sees a telnet protocol it will grab the user id and password and dump it in a window for you. You can also log the results. The easy method though is to mirror his port and use ethereal. -- Scot L. Harris webid@xxxxxxxxxx Tis man's perdition to be safe, when for the truth he ought to die.
