4. Experiment Setup
Server
• Set up a telnet server (telnetd)
• Set up a userid + password
Client
• Execute: telnet server
• Enter: userid+password
• Execute some commands & exit
2016 BR - Network Sniffing v.1.0 4
5. Capture with “tcpdump”
• Execute tcpdump (or wireshark) on the server / client / attacker (on the same network) and save the capture to a file:
tcpdump -n -s0 -w tcpdump.pcap port 23
(after the session, press ctrl-C)
• View & analyze “tcpdump.pcap”
– Follow the TCP stream
– Show the captured "userid" + "password"
6. Use “ngrep”
# ngrep 'USER|PASS'
interface: eth0 (167.205.22.128/255.255.255.224)
match: USER|PASS
##############
T 167.205.22.148:62045 -> 167.205.22.142:21 [AP]
USER kuliah..
####
T 167.205.22.148:62045 -> 167.205.22.142:21 [AP]
PASS takadayangtahu..
##############################^Cexit
48 received, 0 dropped
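As an added example (not part of the original slides), a Python audit routine for the "Follow the TCP stream" step above: it walks a reconstructed telnet login and reports which account authenticated in the clear, without echoing the password the way the ngrep output does. It assumes the stream has already been split into direction-tagged chunks, as Wireshark's Follow TCP Stream presents it; the session bytes below are constructed, not a real capture.

```python
# A "followed" TCP stream as an ordered list of (direction, payload) chunks, "C" =
# client->server, "S" = server->client, as Wireshark's Follow TCP Stream shows it.
IAC = 0xFF

def strip_telnet_iac(data: bytes) -> bytes:
    """Remove telnet option negotiation (IAC sequences) so only typed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif i + 1 < len(data) and data[i + 1] == IAC:   # IAC IAC = escaped 0xFF data byte
            out.append(IAC); i += 2
        elif i + 1 < len(data) and data[i + 1] in (0xFB, 0xFC, 0xFD, 0xFE):
            i += 3                                        # WILL/WONT/DO/DONT <option>
        elif i + 1 < len(data) and data[i + 1] == 0xFA:   # SB ... IAC SE subnegotiation
            end = data.find(b"\xff\xf0", i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                                        # IAC <single command byte>
    return bytes(out)

def audit_telnet_login(chunks: list[tuple[str, bytes]]) -> dict:
    """The server echoes the typed username but never the password, so both are read from the client side."""
    user, pw, field = bytearray(), bytearray(), None
    for direction, data in chunks:
        text = strip_telnet_iac(data)
        if direction == "S":
            low = text.lower()
            if b"login:" in low or b"username:" in low:
                field = user
            elif b"password:" in low:
                field = pw
        elif field is not None:
            for ch in text:
                if ch in (0x0D, 0x0A):     # CR/LF ends the field being typed
                    field = None
                    break
                field.append(ch)
    # Report the account and that a password crossed the wire in clear, never its value.
    return {"user": user.decode(errors="replace"),
            "password_len": len(pw), "cleartext_password": len(pw) > 0}

# Constructed sample session mirroring the lab (user "kuliah" as in the ngrep output above).
TELNET_SESSION = [
    ("S", b"\xff\xfd\x18\xff\xfd\x1f"), ("C", b"\xff\xfc\x18\xff\xfc\x1f"),  # option negotiation
    ("S", b"login: "), ("C", b"k"), ("S", b"k"), ("C", b"u"), ("S", b"u"),
    ("C", b"liah\r\n"), ("S", b"liah\r\n"), ("S", b"Password: "),
    ("C", b"takadayangtahu\r\n"),            # typed password, not echoed by the server
]
RESULT = audit_telnet_login(TELNET_SESSION)  # -> {'user': 'kuliah', 'password_len': 14, 'cleartext_password': True}
```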
7. Other Protocols
• Use the same technique for
– FTP
– POP
– SMTP
– DNS
– …
8. Remarks
• Show how vulnerable some application protocols are: userid, password and commands cross the network in cleartext
• List secure replacements for those protocols