On Tue, 23 Nov 2004 15:47:32 -0500, you wrote: >Another tool you can try is ettercap. It has a very nice arp poison >mode that can let you sniff all packets going through most switches >without having to mirror ports. While running ettercap if it sees a >telnet protocol it will grab the user id and password and dump it in a >window for you. You can also log the results. > > >The easy method though is to mirror his port and use ethereal. I don't normally recommend arp poisoning, especially for a neophyte, because it's so easy to do it wrong and hose your network.
