This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decode telnet session information

0

Hello, I am using Wireshark for couples weeks. As I learning and searching the possibility... I would like to know If I can capture the password for a user created from a telnet.

Ok here is the scenario. I have modem/router doing test at home. I can login to the device via telnet and wireshark is able to find the username and password easily. After, I wanted to go furthers. If I create a new user for that device and with new password in the telnet session. Am I able to see the password.

For your information, I was able to the see the username and the password with asterix as I typed in telnet session.

I hope I am clear on my question. Let me know If you need more information. Thank you Binarylock

asked 30 Dec '12, 11:12

BinaryLock's gravatar image

BinaryLock
1112
accept rate: 0%


4 Answers:

1

If you're seeing asterisks in wireshark, it's probably because you're looking at what the server sent BACK to your telent client to display... Since most systems won't display a password for you as you type it (to prevent someone from looking over your shoulder and seeing it on the screen, etc), the server is sending you asterisks to display as you type the new password... for instance, if you wanted to set the password to "password", you would first send the letter 'p'. so you press 'p', it sends an asterisk. you press 'a' and it sends another, and so forth. To see the password, you'd look at the packets you send out, not the ones you get sent in return.

answered 31 Dec '12, 17:10

W-George's gravatar image

W-George
20226
accept rate: 0%

0

I would like to know If I can capture the password for a user created from a telnet.

yes.

wireshark is able to find the username and password easily.

as you were able to capture the password yourself, what is your question?

Regards
Kurt

answered 30 Dec '12, 14:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 30 Dec '12, 14:48

No. I mean after login to the telnet session. I create a new user. I would like to know if I can see the password for that new user at the same time.

(31 Dec '12, 09:35) BinaryLock

0

As you saw, Wireshark was able to capture and display your telnet session, so yes, you will be able to see the new username and password during the user account creation process when you type them in and they're transmitted across the network. Telnet sessions are not encrypted. You will be able to see everything that takes place during the Telnet session.

Is there more to your question? Because it seems like you could have answered this for yourself in a matter of seconds just by going ahead and creating the new user and observing the results in Wireshark. Are you really asking if someone else can sniff that password?

answered 31 Dec '12, 10:07

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Yes I did create a user and as I mention in my first question, I can see the new user name created in wireshark and but not the password (the password is display with asterix in wireshark log)

(31 Dec '12, 10:26) BinaryLock
1

How are you viewing this? Have you tried Follow TCP Stream?

The password characters you type are transmitted across the network, so they must be present in the Wireshark trace. If the remote system is echoing back asterisks, then the password characters might be alternating with the asterisk characters in the Wireshark trace.

The default view for Follow TCP Stream is to show the entire conversation, but you can switch that to show only traffic in one direction. It might help you find the password if you show only traffic from the client to the server.

(31 Dec '12, 10:45) Jim Aragon

0

Hello. Finally I was able to see the password for the new user too. Simple I had choose the option to read an entire conversation when I click Follow Tcp Stream. I retry severely times and it works very well.

Thank for everyone for your help.

answered 03 Jan '13, 21:48

BinaryLock's gravatar image

BinaryLock
1112
accept rate: 0%