I capture data from telnet using tcpdump. Command:

```
tcpdump port http or port ftp or port smtp or port imap or port telnet -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20
```

But tcpdump doesn't capture any passwords or logins. I have a telnet server on my Fedora laptop. Does anyone know why tcpdump doesn't capture it? On the forums I read that it is a "Here is quick example to sniff passwords using egrep".

Monterisko

1 Answer

Like this:

```
tcpdump -A port telnet
```

But better use wireshark -> 'follow TCP stream'

-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.

Gilles Quénot
  • I know that wireshark is better but I have to do this task with tcpdump. Unfortunately, after changing to `tcpdump -A port telnet | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20` still no results – Monterisko Jun 15 '20 at 13:32
  • Maybe your `grep` is badly crafted. Try without `grep` – Gilles Quénot Jun 15 '20 at 13:38
  • Maybe: `tcpdump -A port telnet | egrep -i pass` – Gilles Quénot Jun 15 '20 at 13:42
  • However, it works; I only had to change it, meaning that tcpdump was listening on the server and on Ubuntu I was connecting with telnet. But even though it sees that the login and password are being entered, it is not writing them; their contents are empty – Monterisko Jun 15 '20 at 14:07
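
Added example, not part of the posts above: an interactive telnet session normally sends each keystroke in its own packet, so a per-packet grep matches the server's `login:` and `Password:` prompts but never sees the typed text in the same packet, and `-B20` prints the lines before a match, not after it. The Python sketch below runs on a constructed packet list and contrasts per-packet matching with per-direction reassembly. The direction labels `c2s`/`s2c`, the function names and the sample credentials are assumptions made for the illustration.

```python
import re

IAC, SB, SE = 255, 250, 240          # telnet command bytes (RFC 854)
NEGOTIATE = (251, 252, 253, 254)     # WILL, WONT, DO, DONT: each followed by one option byte

# Keywords taken from the egrep pattern in the question (shortened).
PATTERN = re.compile(rb"pass=|pwd=|login=|user=|password:|login:|pass |user ", re.I)

def strip_telnet_commands(data: bytes) -> bytes:
    """Remove IAC command sequences and keep only the terminal data."""
    out, i = bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif nxt == IAC:                 # escaped literal 0xFF
            out.append(IAC); i += 2
        elif nxt == SB:                  # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 3 if nxt in NEGOTIATE else 2
    return bytes(out)

def per_packet_matches(packets):
    """What a per-packet grep can match: payloads that contain a keyword."""
    return [p for _, p in packets if PATTERN.search(p)]

def client_lines(packets):
    """Join the client-to-server payloads in order and split them into typed lines."""
    stream = b"".join(strip_telnet_commands(p) for d, p in packets if d == "c2s")
    return [line for line in re.split(rb"\r[\n\0]", stream) if line]

# Constructed session (not a real capture); server echo packets omitted for brevity.
# "s2c"/"c2s" are hypothetical direction labels.
PACKETS = [
    ("s2c", bytes([IAC, 253, 24])),      # IAC DO TERMINAL-TYPE
    ("c2s", bytes([IAC, 251, 24])),      # IAC WILL TERMINAL-TYPE
    ("s2c", b"login: "),
    *[("c2s", bytes([c])) for c in b"demo"], ("c2s", b"\r\0"),
    ("s2c", b"Password: "),
    *[("c2s", bytes([c])) for c in b"example-pw"], ("c2s", b"\r\0"),
]

if __name__ == "__main__":
    print("per-packet keyword hits:", per_packet_matches(PACKETS))
    print("reassembled client lines:", client_lines(PACKETS))
```

The keyword hits are only the two server prompts; the typed values appear only once the client-side payloads are joined, which is what Wireshark's 'follow TCP stream' does.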