tcpdump for sniffing POP3 -- methods ?
Adam Maloney
adamm at sihope.com
Tue Apr 13 11:37:35 PDT 2004
I've done this in the past. I had tcpdump spitting out all the dst port
110 packets to a file. Then a perl script with Net::TCPDump (or
whatever it's called) to parse it.
I will dig today and see if I can find some of this stuff.
On Tue, 2004-04-13 at 13:03, John Fox wrote:
> We've got a Windows machine running IMail and authenticating
> POP3 from an NT Primary Domain Controller.
>
> Our plan is to move these users over to our UNIX system, but we
> don't have a record of their passwords. This means we need to
> either
>
> 1) Grab them out of the files on the PDC. (I think this is
> not possible.)
>
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the Imail server.
>
> I think #2 is the only possibility, and I haven't made much
> use of tcpdump, so while I do know how to run it and
> specify a host to listen to, I've no idea how to isolate
> the clear-text stuff (containing the usernames and passwords)
> from all the other traffic.
>
> Any suggestions would be greatly appreciated.
>
> With thanks and regards,
>
> -John
> --
> +---------------------------------------------------------------------------+
> | John Fox <jjf @ mind.net> | System Administrator | InfoStructure |
> +---------------------------------------------------------------------------+
> | I used to trust the media to tell me the truth, tell us the truth |
> | But now I've seen the payoffs everywhere I look |
> | Who can you trust when everyone's a crook? |
> | -- Queensryche, "Revolution Calling" |
> +---------------------------------------------------------------------------+
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
More information about the freebsd-isp
mailing list