Need a sniffer/password capture to prove telnet is bad
Leonard Isham
leonard.isham at gmail.com
Tue Nov 23 23:13:19 UTC 2004
On Tue, 23 Nov 2004 17:44:42 -0500, Frank Pineau <frank at pineaus.com> wrote:
> On Tue, 23 Nov 2004 15:47:32 -0500, you wrote:
>
> >Another tool you can try is ettercap. It has a very nice arp poison
> >mode that can let you sniff all packets going through most switches
> >without having to mirror ports. While running ettercap if it sees a
> >telnet protocol it will grab the user id and password and dump it in a
> >window for you. You can also log the results.
> >
> >
> >The easy method though is to mirror his port and use ethereal.
>
> I don't normally recommend arp poisoning, especially for a neophyte, because
> it's so easy to do it wrong and hose your network.
>
If you can get root on his system then get a terminal session running
and run tcpdump port 23.
--
Leonard Isham, CISSP
Ostendo non ostento.
More information about the fedora-list
mailing list