Need a sniffer/password capture to prove telnet is bad
Scot L. Harris
webid at cfl.rr.com
Tue Nov 23 20:47:32 UTC 2004
On Tue, 2004-11-23 at 15:28, Frank Pineau wrote:
> On Tue, 2004-11-23 at 15:06 -0500, Alex Evonosky wrote:
> > Matthew Miller wrote:
> >
> > >>Ethereal can capture that just fine in promisc mode...
> > >
> > >
> > > But, if it's a switched network, you'll need to actually be somewhere in the
> > > path his packets are travelling.
> > >
> >
> > not unless you have access to the switch and issue a spanning-tree
> > session.. Then you can monitor ANY port on that switch.
>
>
> If you can't port-mirror (span tree, SNAP, etc), simply putting a hub
> inline (say, off the inside interface of your firewall...) and plugging
> your sniffer into that hub would work nicely.
Another tool you can try is ettercap. It has a very nice arp poison
mode that can let you sniff all packets going through most switches
without having to mirror ports. While running ettercap if it sees a
telnet protocol it will grab the user id and password and dump it in a
window for you. You can also log the results.
The easy method though is to mirror his port and use ethereal.
--
Scot L. Harris
webid at cfl.rr.com
Tis man's perdition to be safe, when for the truth he ought to die.
More information about the users
mailing list