Created: September 28th 2012
Last updated: May 1st 2020
Categories: Linux
Author: Marcus Fleuti

Howto :: Sniffing plain text usernames and password credentials using TCPDUMP linux command line tool

Tags:  grep,  Password,  sniffing,  tcpdump,  username

Simple plaintext credentials sniffing with tcpdump and grep

tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20
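The same keyword match can be used to audit your own network for services that still accept logins without TLS. The following is an added example, not part of the original post: it reads `tcpdump -n -l -A` text and counts credential keywords per destination address and port without printing the values. The function names `audit_cleartext` and `sample_capture` and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report which destination
# ip.port received cleartext credential keywords, never the values.
# Input on stdin: text as produced by `tcpdump -n -l -A`.

audit_cleartext() {
    awk '
    # Packet header line: "<time> IP <src> > <dst>: Flags ..."
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)      # "10.0.0.9.80:" -> "10.0.0.9.80"
        next                    # skip keywords in the header summary
    }
    # Payload line: subset of the keywords from the grep pattern above,
    # matched case-insensitively; only a per-destination counter is kept.
    dst != "" {
        line = " " tolower($0)  # leading space lets [^a-z] match at line start
        if (line ~ /(pass|pwd|passwd|password|login|user|username)[=:]|[^a-z](user|pass) /)
            hits[dst]++
    }
    END { for (d in hits) printf "%s %d\n", d, hits[d] }
    ' | sort
}

# Constructed sample (not real traffic), simplified tcpdump -n -A text.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], seq 1:120, ack 1, win 502, length 119: HTTP: POST /login HTTP/1.1
POST /login HTTP/1.1
Host: intranet.example
username=alice&password=EXAMPLE-ONLY
12:00:02.000001 IP 10.0.0.5.51300 > 10.0.0.7.21: Flags [P.], seq 1:13, ack 1, win 502, length 12: FTP: USER alice
USER alice
12:00:02.500001 IP 10.0.0.5.51300 > 10.0.0.7.21: Flags [P.], seq 13:32, ack 1, win 502, length 19: FTP: PASS EXAMPLE-ONLY
PASS EXAMPLE-ONLY
12:00:03.000001 IP 10.0.0.5.51400 > 10.0.0.9.443: Flags [P.], seq 1:200, ack 1, win 502, length 199
....opaque TLS record bytes....
EOF
}

# Stand-alone run: prints the per-service summary for the sample.
sample_capture | audit_cleartext
```

For a recorded capture, run `tcpdump -n -A -r capture.file | audit_cleartext`; each destination it lists is a service that should be moved to an encrypted transport.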

Other useful tcpdump commands:

Show network throughput

tcpdump -w - |pv -bert >/dev/null

See what traffic is mostly hitting you

tcpdump -i eth0 -n  | head

Get useful statistics from a previously recorded tcpdump output (file) -> Sorted by IP

tcpdump -nr capture.file | awk '{print $3}' | grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' | sort | uniq -c | sort -n