On Wednesday 24 November 2004 03:36, Edward Croft wrote:
> I have a user I am trying to convince to quit using telnet. I have told
> him that his password can be sniffed and that would expose his system.
> He laughs and tells me that no one can get his password. So he threw
> down the gauntlet for me to get his password. He telnets into his home
> machine from work and I want to capture that, so what I am looking for
> is something that can be run from my machine, listen to his here at work
> and capture his home password without knowing explicitly the address of
> that home machine. Any suggestions?

To see his traffic you have to be either in the direct route, or both of you on the same hub that broadcasts packets. Most better switching hubs don't do this, but those can, I think, be defeated too. I think one of the Hacking Exposed books goes into this.

For the actual sniffing, and because interpretation isn't that important to prove the point, I'd use tcpdump or ethereal because I'd expect binaries to be on my CD.

btw Best to get approval for this exercise; if you're caught without approval you will be skun. Otherwise, set it up in a safer environment. Like at your mate's home, or yours.

btw There are reasons other than security for using ssh:
1. Passwordless logins. If you set up the keys properly you don't need a password to log in at all.
2. Compression. Data are compressed and can give better response.
3. Easier file exchange. Note not all employers will agree that this is good.

--
Cheers
John