tcpdump script

[brad]

Gerald wrote:

> Tcpdump isn't quite suited to a task like this.  You might try using
> dsniff, ngrep, or any of the password-specific tools listed at
>      http://neworder.box.sk/codebox.links.php?&key=sniff

I am trying to do it manually just for experience as opposed to using a sniffer.
It seems like tcpdump gives me what I want, but I don't know enough
scripting to parse the file for just the user/pass.

> You could also run John the Ripper on the shadow file directly (assuming
> they have a shadow file, of course):
> 
>     http://www.openwall.com/john/

They do not do their own engineering...it is outsourced, so I don't have
access to the server.  All I have is their user db with the original
passes, many of which have been changed of course.

Thanks,

Brad