tcpdump script
Mailing List Account for Jason Runyan
jrunyan.lists at dms.nwcg.gov
Thu May 29 18:31:14 CDT 2003

On Thursday 29 May 2003 12:51, brad wrote:
> I have an ISP that does not have a record of their user's passwords and
> we are converting them over to our system in a month.  I need to run a
> script that will capture all pop3 passwords over the next month so I can
> have a good record to enter into our system.  I started out using
> tcpdump port 110 -w <file> and then use strings on the file.  I can see
> all the USER lines and the PASS lines, but I don't know how to rework
> the file to get USER/PASS in a readable and matched form.  I also need
> to keep the file from storing all the other lines it captures so that my
> file doesn't grow so large.  Any ideas?
>
> Thanks in advance,
>
> Brad

grep and awk filtering at run time of tcpdump. Something like:
tcpdump -i eth# | grep -E <pattern> | awk -F <separator> '{print $col# $col# ..}'
-- 
Pure drivel tends to drive ordinary drivel off of the TV screen.
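
An added example (not part of the original thread) of the awk pairing step the reply sketches, written as an audit of which accounts still log in over cleartext POP3: it pairs USER with PASS per client flow and records only that a password was sent, never its value. The `tcpdump -l -n -A port 110` text layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
# Added example. Input: text from `tcpdump -l -n -A port 110` (layout assumed).
# Output: "<user> <cleartext logins>" per account; passwords are never kept.
pop3_cleartext_audit() {
    awk '
    # Packet header: "<time> IP <src>.<port> > <dst>.<port>: Flags ..."
    $2 == "IP" && $4 == ">" {
        # Track client-to-server packets only; server data (mail bodies) is skipped.
        flow = ($5 ~ /\.110:$/) ? $3 : ""
        next
    }
    flow == "" { next }
    # Payload line: the command follows the printed IP/TCP header bytes.
    match($0, /USER [^ ]+/) {
        name = substr($0, RSTART + 5, RLENGTH - 5)
        sub(/[\r.]+$/, "", name)      # CR may be shown as "." or passed through
        pending[flow] = name
        next
    }
    match($0, /PASS [^ ]/) && (flow in pending) {
        seen[pending[flow]]++         # count the login, discard the password
        delete pending[flow]
    }
    END { for (u in seen) printf "%s %d\n", u, seen[u] }
    ' | sort
}

# Constructed sample in the assumed tcpdump -A layout (not a real capture).
sample_capture() {
    cat <<'EOF'
18:31:14.10 IP 192.0.2.10.51234 > 192.0.2.1.110: Flags [P.], length 12
E..4..@.@.....USER alice.
18:31:14.11 IP 192.0.2.11.40000 > 192.0.2.1.110: Flags [P.], length 10
E..2..@.@.....USER bob.
18:31:14.13 IP 192.0.2.10.51234 > 192.0.2.1.110: Flags [P.], length 14
E..6..@.@.....PASS example1.
18:31:14.14 IP 192.0.2.11.40000 > 192.0.2.1.110: Flags [P.], length 14
E..6..@.@.....PASS example2.
18:31:15.00 IP 192.0.2.1.110 > 192.0.2.11.40000: Flags [P.], length 30
E..F..@.@.....Subject: USER mallory PASS x
18:31:16.00 IP 192.0.2.12.40001 > 192.0.2.1.110: Flags [P.], length 12
E..4..@.@.....USER carol.
18:31:17.00 IP 192.0.2.10.51300 > 192.0.2.1.110: Flags [P.], length 12
E..4..@.@.....USER alice.
18:31:17.01 IP 192.0.2.10.51300 > 192.0.2.1.110: Flags [P.], length 14
E..6..@.@.....PASS example1.
EOF
}
```

On the constructed sample, `sample_capture | pop3_cleartext_audit` lists alice and bob; carol sent no PASS, and the USER/PASS text inside a server-sent mail body is ignored.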
    
    