From owner-freebsd-isp@FreeBSD.ORG Tue Apr 13 11:37:35 2004
From: Adam Maloney <adamm@sihope.com>
To: John Fox
cc: freebsd-isp@freebsd.org
Subject: Re: tcpdump for sniffing POP3 -- methods ?
Date: Tue, 13 Apr 2004 13:37:32 -0500
Message-Id: <1081881451.14526.77.camel@unixws1>
In-Reply-To: <20040413180323.GA13554@mind.net>
References: <20040413180323.GA13554@mind.net>
List-Id: Internet Services Providers

I've done this in the past. I had tcpdump spitting out all the dst port 110
packets to a file. Then a Perl script with Net::TCPDump (or whatever it's
called) to parse it. I will dig today and see if I can find some of this
stuff.

On Tue, 2004-04-13 at 13:03, John Fox wrote:
> We've got a Windows machine running IMail and authenticating
> POP3 from an NT Primary Domain Controller.
>
> Our plan is to move these users over to our UNIX system, but we
> don't have a record of their passwords. This means we need to
> either
>
> 1) Grab them out of the files on the PDC. (I think this is
>    not possible.)
>
> 2) Obtain them by sniffing the POP3 traffic being sent
>    to the IMail server.
>
> I think #2 is the only possibility, and I haven't made much
> use of tcpdump, so while I do know how to run it and
> specify a host to listen to, I've no idea how to isolate
> the clear-text stuff (containing the usernames and passwords)
> from all the other traffic.
>
> Any suggestions would be greatly appreciated.
>
> With thanks and regards,
>
> -John
> --
> +---------------------------------------------------------------------------+
> | John Fox | System Administrator | InfoStructure |
> +---------------------------------------------------------------------------+
> | I used to trust the media to tell me the truth, tell us the truth |
> | But now I've seen the payoffs everywhere I look |
> | Who can you trust when everyone's a crook? |
> | -- Queensryche, "Revolution Calling" |
> +---------------------------------------------------------------------------+
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
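The two-step method Adam describes (dump every packet headed for port 110 to a file, then parse the file for the USER and PASS commands) as an added example; this is not code from the thread and does not use the Perl module he mentions. It assumes the capture was written with something like `tcpdump -i em0 -s 0 -w pop3.pcap 'dst port 110'` (interface and file name are assumptions), reads the classic pcap format with the standard library only, and reassembles each client connection by TCP sequence number so a login that tcpdump split across segments, or that arrived out of order, is still recovered. The capture it runs on is constructed inline with made-up addresses and passwords; to use it on a real file, pass `open("pop3.pcap", "rb").read()` to `extract_pop3_credentials`.

```python
"""Added example, not from the original thread: pull cleartext POP3 USER/PASS
pairs out of a tcpdump capture of 'dst port 110'.

Assumed capture command (interface and file name are assumptions):
    tcpdump -i em0 -s 0 -w pop3.pcap 'dst port 110'
Standard library only: a minimal classic-pcap reader plus per-connection
TCP reassembly, so a login split across segments is still recovered.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1        # DLT_EN10MB


def read_pcap(data: bytes):
    """Yield raw Ethernet frames from classic pcap bytes (either byte order)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == PCAP_MAGIC else ">"
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24                              # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frame: bytes):
    """Return (src, sport, dst, dport, seq, payload) for IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType IPv4
        return None
    ip = frame[14:]
    if ip[9] != 6:                        # IP protocol field: 6 = TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    doff = (tcp[12] >> 4) * 4             # TCP header length incl. options
    return src, sport, dst, dport, seq, tcp[doff:]


def extract_pop3_credentials(pcap_bytes: bytes, port: int = 110):
    """Return [(client_ip, username, password), ...] from client->server data."""
    streams = defaultdict(dict)           # 4-tuple -> {seq: payload}
    for frame in read_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg is None:
            continue
        src, sport, dst, dport, seq, payload = seg
        if dport != port or not payload:
            continue                      # server replies and other ports ignored
        streams[(src, sport, dst, dport)][seq] = payload
    found = []
    for (src, _sport, _dst, _dport), segs in streams.items():
        # Reassemble by sequence number; a retransmit simply overwrites its slot.
        data = b"".join(segs[s] for s in sorted(segs))
        user = None
        for line in data.split(b"\r\n"):
            verb, _, arg = line.partition(b" ")
            if verb.upper() == b"USER":
                user = arg.decode(errors="replace")
            elif verb.upper() == b"PASS" and user is not None:
                found.append((src, user, arg.decode(errors="replace")))
                user = None
    return found


def _frame(src, sport, dst, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame for the sample (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_sample_pcap() -> bytes:
    """Constructed capture: two POP3 logins (one split mid-line, one delivered
    out of order), a server reply, and an SMTP login that must be ignored."""
    a, b, srv = "10.0.0.5", "10.0.0.7", "192.0.2.10"
    a1, a2 = b"USER jo", b"hn\r\nPASS hunter2\r\n"
    b1, b2 = b"USER alice\r\n", b"PASS letmein\r\n"
    frames = [
        _frame(a, 51234, srv, 110, 1000, a1),
        _frame(srv, 110, a, 51234, 777, b"+OK\r\n"),
        _frame("10.0.0.9", 40000, srv, 25, 1, b"USER x\r\nPASS y\r\n"),
        _frame(b, 51300, srv, 110, 5000 + len(b1), b2),
        _frame(a, 51234, srv, 110, 1000 + len(a1), a2),
        _frame(b, 51300, srv, 110, 5000, b1),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1081881451 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for ip, user, pw in extract_pop3_credentials(build_sample_pcap()):
        print(f"{ip}: {user} / {pw}")
```

Only plain USER/PASS logins are recoverable this way: a client that authenticates with APOP or an AUTH mechanism never puts the password on the wire in the clear, and POP3 over TLS yields nothing at all, which is exactly why the migration plan depends on the current clients still using cleartext POP3. The `-s 0` in the assumed tcpdump command matters; the default snaplen on 2004-era tcpdump truncates packets, and a truncated segment loses the tail of the PASS line.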