LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-19-2004, 11:35 AM   #1
pAn1k
Member
 
Registered: Jun 2004
Location: Cala city
Distribution: Suse 10.0; Debian 5.0 (Lenny) Fluxbox
Posts: 240

Rep: Reputation: 30
Talking reading ethereal output...


I was playing around with ethereal the other day. I would like to know how to look at the hexidecimal output and see the password for things like telnet. When i look at it I see things like "Password Verification" and "password" but the restis not so plain. I want to watch what some of my friends are doing on my home network to make sure their being good!; }

thanks for any help.
 
Old 11-19-2004, 12:15 PM   #2
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hi there

hey i too was looking out for the same

for reading passwords easliy u caould also try out "ettercap"
http://ettercap.sourceforge.net/

do tell me when u get over that ethereal

regards
 
Old 11-19-2004, 12:40 PM   #3
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Telnet is an interactive protocol in that what you type goes over the network in real time.

So if I type my password: newbie

You won't see "newbie" in just 1 packet. It will send each letter as I type them. So what you'll see is:

packet---> n
packet---> e
packet---> w
packet---> b
packet---> i
packet---> e

When the server responds it does not have that constraint and can send phrases and whole pages of text at once and you'll see more text per packet depending on the MTU size and fragmentation needed for your network.

Just right click on one of the telnet packets in ethereal and select to follow the stream. It will try and lay out the sessions that you have captured so far in a human readable format. Just remember what the user types will more than not come out as a stream of individual characters.

Like the other poster mentioned there are programs that will do the thinking for you and try to parse out things like passwords. I tend to go for power over ease of use. Your call.

-b
 
Old 11-19-2004, 01:20 PM   #4
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hey

but how do i follow that telnet stream

regards
 
Old 11-19-2004, 02:30 PM   #5
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Quote:
Originally posted by masand
hey

but how do i follow that telnet stream

regards
I'm not sure how to explain it further than I did above. What part of "right click a telnet packet in ethereal and then select the follow stream" is confusing to you? Sorry if I can't explain it clearer. Maybe someone else can help out here?

-b
 
Old 11-19-2004, 02:59 PM   #6
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hey sorry for that

i can do that now
i am following up the required stream
but how do i go about reading streams of ssh?

regards
 
Old 11-19-2004, 03:26 PM   #7
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Using ethereal you can follow an ssh stream. But ethereal can not unencrypt the contents for you. Not even if you have the encryption key. There has been talk about adding this to ethereal but I know of no progress.

tcpdump has a feature for viewing inside of ESP packets if you supply the correct encyption key but I have never used this feature and can not comment on it's operation.

-b
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PS command output reading ilnli Linux - General 3 10-15-2012 02:31 PM
ethereal + packet capture reading guides ? kurrupt Linux - Networking 1 10-24-2005 12:34 PM
Input/output error when reading from CD-RW drive vrooje Linux - Newbie 2 02-17-2004 11:17 PM
Help reading TCPDUMP output BenCarlisle Linux - Networking 3 02-27-2003 02:35 PM
Ethereal (reading packet captures) MrGreg Linux - Networking 1 03-26-2002 07:18 PM


All times are GMT -5. The time now is 03:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration