Re: [CentOS] Using tcpdump to sniff telnet password

Fajar Priyanto wrote:

Hi all, As long as I can remember reading various articles/docs, they all say that telnet is not secure because all traffic is in clear text. Well, out of boredom, I try to sniff username and password from a telnet session.

The command I use: tcpdump tcp port 23 -vvv -w test.txt Then I read the result: strings test.txt

with wireshark, I easily see...

..... ..#..'.. .38400,38400....'.......VT100.................;.......!...test .test ..

where, test and test are the account and password of the dummy account I created.

you're not seeing it with `strings`, because its sent one character per packet as you type it.