Re: tcpdump for sniffing POP3 -- methods ?
From: Adam Maloney (adamm_at_sihope.com)
Date: 04/13/04
- Previous message: Josh Paetzel: "Re: tcpdump for sniffing POP3 -- methods ?"
- In reply to: John Fox: "tcpdump for sniffing POP3 -- methods ?"
- Next in thread: Bill Campbell: "Re: tcpdump for sniffing POP3 -- methods ?"
- Reply: Bill Campbell: "Re: tcpdump for sniffing POP3 -- methods ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: John Fox <readbsd@mind.net> Date: Tue, 13 Apr 2004 13:37:32 -0500
I've done this in the past. I had tcpdump spitting out all the dst port
110 packets to a file. Then a perl script with Net::TCPDump (or
whatever it's called) to parse it.
I will dig today and see if I can find some of this stuff.
On Tue, 2004-04-13 at 13:03, John Fox wrote:
> We've got a Windows machine running IMail and authenticating
> POP3 from an NT Primary Domain Controller.
>
> Our plan is to move these users over to our UNIX system, but we
> don't have a record of their passwords. This means we need to
> either
>
> 1) Grab them out of the files on the PDC. (I think this is
> not possible.)
>
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the Imail server.
>
> I think #2 is the only possibility, and I haven't made much
> use of tcpdump, so while I do know how to run it and
> specify a host to listen to, I've no idea how to isolate
> the clear-text stuff (containing the usernames and passwords)
> from all the other traffic.
>
> Any suggestions would be greatly appreciated.
>
> With thanks and regards,
>
> -John
> --
> +---------------------------------------------------------------------------+
> | John Fox <jjf @ mind.net> | System Administrator | InfoStructure |
> +---------------------------------------------------------------------------+
> | I used to trust the media to tell me the truth, tell us the truth |
> | But now I've seen the payoffs everywhere I look |
> | Who can you trust when everyone's a crook? |
> | -- Queensryche, "Revolution Calling" |
> +---------------------------------------------------------------------------+
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Josh Paetzel: "Re: tcpdump for sniffing POP3 -- methods ?"
- In reply to: John Fox: "tcpdump for sniffing POP3 -- methods ?"
- Next in thread: Bill Campbell: "Re: tcpdump for sniffing POP3 -- methods ?"
- Reply: Bill Campbell: "Re: tcpdump for sniffing POP3 -- methods ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
