From owner-freebsd-isp@FreeBSD.ORG  Tue Apr 13 23:28:44 2004
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B860516A4CE
	for <freebsd-isp@freebsd.org>; Tue, 13 Apr 2004 23:28:44 -0700 (PDT)
Received: from flash.mipk.kharkiv.edu (flash.mipk.kharkiv.edu
	[194.44.157.113])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0086343D1D
	for <freebsd-isp@freebsd.org>; Tue, 13 Apr 2004 23:28:42 -0700 (PDT)
	(envelope-from artem@mipk.kharkiv.edu)
Received: from mipk.kharkiv.edu (rainbow.mipk.kharkiv.edu [192.168.9.241])
	i3E6QkOL007799;	Wed, 14 Apr 2004 09:26:47 +0300 (EEST)
	(envelope-from artem@mipk.kharkiv.edu)
Message-ID: <407CD9A6.8000403@mipk.kharkiv.edu>
Date: Wed, 14 Apr 2004 09:26:46 +0300
From: Artyom Viklenko <artem@mipk.kharkiv.edu>
Organization: IIAT NTU "KhPI"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.5) Gecko/20031007
X-Accept-Language: ru, uk, en
MIME-Version: 1.0
To: John Fox <readbsd@mind.net>
References: <20040413180323.GA13554@mind.net>
In-Reply-To: <20040413180323.GA13554@mind.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: tcpdump for sniffing POP3 -- methods ?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2004 06:28:44 -0000

Yet another tool - dsniff.
It shows pairs of username/password for
protocols such as pop3, ftp, telnet.

Take care about switched network media.
It is also actual for tcpdump, etc.
Run such programs on the server itself or
on the router between server ad all client machines.


John Fox wrote:
> We've got a Windows machine running IMail and authenticating
> POP3 from an NT Primary Domain Controller.
> 
> Our plan is to move these users over to our UNIX system, but we
> don't have a record of their passwords.  This means we need to
> either
> 
> 1) Grab them out of the files on the PDC. (I think this is
> not possible.)
> 
> 2) Obtain them by sniffing the POP3 traffic being sent
> to the Imail server.
> 

-- 
        Sincerely yours,
                          Artyom V. Viklenko.
======================================================
System Administrator            artem@mipk.kharkiv.edu
------------------------------------------------------
IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002
Phone: +38 (0572) 400026        Fax: +38 (057) 7062749
======================================================