Created: September 28th 2012
Last updated: May 1st 2020
Categories: Linux
Author: Marcus Fleuti

Howto :: Sniffing plain text usernames and password credentials using TCPDUMP linux command line tool

Tags: grep, Password, sniffing, tcpdump, username

Donate with

82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC

Simple plaintext credentials sniffing with tcpdump and grep

tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20

Other useful tcpdump command:

Show network throughput

tcpdump -w - |pv -bert >/dev/null

See what traffic is mostly hitting you

tcpdump -i eth0 -n  | head

Get useful statistics from a previously recorded tcpdump output (file) -> Sorted by IP

tcpdump -nr capture.file | awk '{print }' | grep -oE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}' | sort | uniq -c | sort -n

December 9th 2020

Wordpress: Create password-protected page

September 16th 2019

blocklist.de iptables / ipset update script - How to automatically update your firewall with the IP set from blocklist.de

January 29th 2019

[SOLVED] Linux (bash/sh) HOWTO find and copy files based on file content + Exclude paths regex

July 15th 2018

Best way to store user passwords and verify them

February 21st 2014

Linux (bash) find specific file content in all files within a given directory

October 18th 2013

Wordpress :: Reset Administrator (root) Password directly on the MySQL Database using PHPMyAdmin

March 14th 2013

Categories

Money money money...