Date:      Tue, 13 Apr 2004 13:37:32 -0500
From:      Adam Maloney <adamm@sihope.com>
To:        John Fox <readbsd@mind.net>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: tcpdump for sniffing POP3 -- methods ?
Message-ID:  <1081881451.14526.77.camel@unixws1>
In-Reply-To: <20040413180323.GA13554@mind.net>
References:  <20040413180323.GA13554@mind.net>

I've done this in the past.  I had tcpdump spitting out all the dst port
110 packets to a file.  Then a perl script with Net::TCPDump (or
whatever it's called) to parse it.

I will dig today and see if I can find some of this stuff.

On Tue, 2004-04-13 at 13:03, John Fox wrote:
> We've got a Windows machine running IMail and authenticating
> POP3 from an NT Primary Domain Controller.
> 
> Our plan is to move these users over to our UNIX system, but we
> don't have a record of their passwords.  This means we need to
> either
> 
> 1) Grab them out of the files on the PDC. (I think this is
> not possible.)
> 
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the IMail server.
> 
> I think #2 is the only possibility, and I haven't made much
> use of tcpdump, so while I do know how to run it and 
> specify a host to listen to, I've no idea how to isolate
> the clear-text stuff (containing the usernames and passwords)
> from all the other traffic.
> 
> Any suggestions would be greatly appreciated.
> 
> With thanks and regards,
> 
> -John
> --
> +---------------------------------------------------------------------------+
> | John Fox <jjf @ mind.net>    |   System Administrator   | InfoStructure   |
> +---------------------------------------------------------------------------+
> | I used to trust the media to tell me the truth, tell us the truth         |
> | But now I've seen the payoffs everywhere I look                           |
> | Who can you trust when everyone's a crook?                                |
> |             -- Queensryche, "Revolution Calling"                          |
> +---------------------------------------------------------------------------+
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
> 


