Easy capturing Telnet Password using Wireshark Packet Sniffer

Easy capturing Telnet Password using Wireshark Packet Sniffer

Wireshark is a freeware, open-source packet-sniffer and can be downloaded from www.wireshark.org/download.html  (size:17 MB). Steps to capture telnet passwords using this software are mentioned below:

1. First connect to the LAN segment where passwords are sent using a Hub etc or any other medium where you are able to get telnet packets (as Hub repeats all packets on all ports, except receiving port).

2. Then open Wireshark and on top-left pane, click your interface connecting to that LAN segment (like your Fastethernet interface) and live capture will start.

3. In the Wireshark window, you will see many columns like source, destination, protocol and info etc. In ‘Protocol’ column, you will see written ‘TELNET’. Right-click on that and click ‘Follow TCP Stream’, This step will show you an output like this

...............

...............

User Access Verification

Password: .............P..............ANSI..cisco1

Router>eenn

Password: cisco2

Router#sshhooww  iipp  iinntt  bbrr

Interface               IP-Address     OK?      Status    Protocol

FastEthernet0/0   10.0.0.1           YES      up           up     

FastEthernet0/1   unassigned     YES    up           up   

Router#

 

As you can see, it is not only showing the login and enable secret password, but also the complete session whatever the administrator is doing. In above example, cisco1 is the login password and cisco2 is enable secret password. Also, remember that this output will show some text doubled like “show ip int br” command, but it can still be easily understood.

            So, afraid of using Telnet in your network. Instead of Telnet, use SSH. Refer to post Easy enabling Secure Shell (SSH) on Cisco Routers and Switches for start using SSH on your device).