On Mon, 3 Feb 2003 at 12:12pm (+1000), Peter Kiem wrote:

> I'm going to be changing the mailserver configuration next week but I need
> to know all my users' POP3 passwords so I can do the conversion.

What sort of mail config are you going from/to that requires you to change 
the way your passwords are stored and/or handled?

> 
> So far I have worked out I can run the following to get a dump of the POP3
> traffic to look for the PASS commands:
> 
> tcpdump -n -x -s 1514 tcp port 110 and dst host my.ad.dr.es
> 
> 
> Does anyone know any scripts/programs that I can feed the output of
> tcpdump into so I can filter out and record the packets that contain the
> PASS command?
> 

A bit q&d but something like....

tcpdump -n -X -s 1514 tcp port 110 and dst host my.ad.dr.es |
        perl -p -e 's/^.*\t(.*)\n/$1/; s/^(\d\d:)/\n$1/' |
        grep -B 1 -E 'USER|PASS'

... or if an older tcpdump without a big X option....

tcpdump -n -x -s 1514 tcp port 110 and dst host my.ad.dr.es |
        perl -p -e 's/^.*\t(.*)\n/$1/ && s/\s+//g && 
                s/([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg && 
                s/([\000-\011\013-\037])/./g;
                s/^(\d\d:)/\n$1/' |
        grep -B 1 -E 'USER|PASS'

I'm sure you could use perl to find the USER and PASS stuff directly...  I
just did it as a more generic solution that I can do other things to...

M.

-- 
WebCentral Pty Ltd           Australia's #1 Internet Web Hosting Company
Level 5, 100 Wickham St.           Network Operations - Systems Engineer
PO Box 930, Fortitude Valley.                     phone: +61 7 3249 2552
Queensland, Australia 4006.                       pgp key id: 0x900E515F
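
Added example, not part of the original message or thread: a Python version of the pipeline above that rebuilds each packet from the hex column of tcpdump -X output (the ASCII column prints spaces as dots), skips the IPv4 and TCP headers, and lists the USER/PASS commands. The sample capture, addresses and credentials are constructed and the function names are hypothetical; PASS arguments are masked unless mask=False is passed.

```python
import re

# Constructed `tcpdump -n -X` output; addresses and credentials are made up.
SAMPLE = """\
12:12:01.000001 IP 10.0.0.5.40001 > 192.0.2.10.110: Flags [P.], length 12
\t0x0000:  4500 0034 1a2b 4000 4006 0000 0a00 0005  E..4.+@.@.......
\t0x0010:  c000 020a 9c41 006e 0000 0001 0000 0028  .....A.n.......(
\t0x0020:  5018 01f6 0000 0000 5553 4552 2061 6c69  P.......USER.ali
\t0x0030:  6365 0d0a                                ce..
12:12:01.200001 IP 10.0.0.5.40001 > 192.0.2.10.110: Flags [P.], length 13
\t0x0000:  4500 0035 1a2c 4000 4006 0000 0a00 0005  E..5.,@.@.......
\t0x0010:  c000 020a 9c41 006e 0000 000d 0000 003c  .....A.n.......<
\t0x0020:  5018 01f6 0000 0000 5041 5353 2073 3363  P.......PASS.s3c
\t0x0030:  7265 740d 0a                             ret..
"""

HEX_ROW = re.compile(r"^\s+0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} )+)")
CMD = re.compile(rb"^(USER|PASS) ([^\r\n]*)\r?$", re.I | re.M)

def packets(dump):
    """Yield the raw bytes of each packet, rebuilt from the hex column."""
    data = None
    for line in dump.splitlines():
        row = HEX_ROW.match(line)
        if row and data is not None:
            data += bytes.fromhex(row.group(1).replace(" ", ""))
        elif line[:1].isdigit():          # timestamp line starts a new packet
            if data:
                yield bytes(data)
            data = bytearray()
    if data:
        yield bytes(data)

def tcp_payload(raw):
    """Return the TCP data after the variable-length IPv4 and TCP headers."""
    if len(raw) < 40 or raw[0] >> 4 != 4 or raw[9] != 6:
        return b""                        # not IPv4/TCP, or truncated capture
    ihl = (raw[0] & 0x0F) * 4             # IPv4 header length in bytes
    return raw[ihl + ((raw[ihl + 12] >> 4) * 4):]

def pop3_logins(dump, mask=True):
    """List (source IP, verb, argument); PASS arguments are masked by default."""
    found = []
    for raw in packets(dump):
        src = ".".join(str(b) for b in raw[12:16])   # source address from IP header
        for m in CMD.finditer(tcp_payload(raw)):
            verb, arg = m.group(1).decode().upper(), m.group(2).decode("latin-1")
            found.append((src, verb, "*" * len(arg) if mask and verb == "PASS" else arg))
    return found
```

Because the payload is decoded from the hex groups, an argument that straddles two 16-byte rows (as the PASS value does in the sample) comes out whole.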



