Snort mailing list archives
RE: Problem to sniff 80, 110, 25 and 21 ports.
From: "O'Flynn, Derek" <DOFlyn () lsuhsc edu>
Date: Wed, 29 Oct 2003 16:11:08 -0600
Download dsniff, check www.insecure.org top 75 security tools, there's a link to it... It'll grab any password out of the traffic. You can do this also with tcpdump/snort, but it's a bit more complex. You could also try ngrep as well. It's a handy tool as well.

Derek

-----Original Message-----
From: giochi [mailto:giochi () telvia it]
Sent: Wednesday, October 29, 2003 3:33 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Problem to sniff 80, 110, 25 and 21 ports.

Hi again list,

thank you very much for your interest. The fact is this: my boss wants to see (on his server) the http, pop3, smtp and ftp user/pass of users. I tried many solutions for this:

- tcpdump tcp and port 80 or port 110 or port 21 or port 25 (as you suggested)
  It works, but if I grep for USER or PASS in the output file generated by tcpdump I can't see anything.
- snort -i eth0 -l prova
  (It works, but logs a lot of packets, and in one day of work I can reach over 300Mb of file size)
- snort -i eth0 -l prova dst port 80 and port 25 and port 21
  (It doesn't work) I see this error:

  Running in packet logging mode
  Log directory = prova
  Initializing Network Interface eth0
  ERROR: OpenPcap() FSM compilation failed: PCAP command: %s
  Fatal Error, Quitting..

Could you suggest the right way to solve these things?

Thank you very much.
Regards,
Fabrizio