On Tue, 23 Nov 2004 17:44:42 -0500, Frank Pineau <frank@xxxxxxxxxxx> wrote: > On Tue, 23 Nov 2004 15:47:32 -0500, you wrote: > > >Another tool you can try is ettercap. It has a very nice arp poison > >mode that can let you sniff all packets going through most switches > >without having to mirror ports. While running ettercap if it sees a > >telnet protocol it will grab the user id and password and dump it in a > >window for you. You can also log the results. > > > > > >The easy method though is to mirror his port and use ethereal. > > I don't normally recommend arp poisoning, especially for a neophyte, because > it's so easy to do it wrong and hose your network. > If you can get root on his system then get a terminal session running and run tcpdump port 23. -- Leonard Isham, CISSP Ostendo non ostento.
