Network Sniffing with tcpdump

Tim Ngeno

Ever wondered how the internet, with all its memes, cat videos, and online shopping, keeps your credit card details or email passwords safe? That's all thanks to the magic of network security. Imagine a world where, every time you send a message or buy something online, a sneaky eavesdropper is grabbing all that info. Not cool, right?

Now, let's dive deep into a practical scenario. If you've got a network script, and you want to see what kind of info it's sending out, here's a step-by-step guide on how to do just that:

Steps to Extract Passwords from Network Traffic

1. Capture the Network Traffic

Before anything else, you need to "listen in" on the network traffic generated by your script. To do this magic trick, we use tcpdump. Fire up your terminal and type:

sudo tcpdump -i any -w output.pcap

This captures packets from every network interface (the any pseudo-interface) and writes them, unparsed, to a file named output.pcap.

2. Run the Script

Script: user_authenticating_into_server

With tcpdump doing its thing, run your user_authenticating_into_server script in a different terminal window:

./user_authenticating_into_server

Let the script do its job till it's done.

3. Analyze the Captured Traffic

Done with the capture? Stop tcpdump (hit Ctrl+C). Now, to the fun part: sifting through the data.

tcpdump -r output.pcap -A

This reads the captured packets back and, with -A, prints each packet's payload as ASCII, so text-based protocols such as HTTP are readable directly.

4. Look for the Password

Get your detective hat on. Scan the decoded data for patterns that smell like username/password pairs or any sequence that screams "password". A good clue? Lines like "Authentication failed: Bad username / password".

5. Record the Password

Found something that looks like a password? Note it down or save it somewhere safe. You're going to need it.

6. Decode the Password

If you suspect the password is Base64 encoded, it's time to decode it. Here's a quick Python trick to do just that:

import base64

encoded_password = "YOUR_BASE64_ENCODED_PASSWORD"
# b64decode returns bytes; .decode() turns them into a string
decoded_password = base64.b64decode(encoded_password).decode()
print(decoded_password)

Or simply use the base64 utility that ships with most Linux distributions:

echo -n "YOUR_BASE64_ENCODED_PASSWORD" | base64 -d

Replace YOUR_BASE64_ENCODED_PASSWORD with the password you found.
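The whole procedure above, steps 3 to 6, can be automated as an audit that flags every HTTP Basic credential a capture contains in cleartext. This is an added example, not code from the post or the ALX project; it parses a little-endian, Ethernet-linktype pcap by hand (no third-party library), the capture it scans is a constructed sample built in-memory, and it reports only the source, destination and username, never the secret itself.

```python
import base64
import re
import struct

# HTTP Basic credential header inside a TCP payload (the base64 token is group 1).
BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)")

def build_pcap(payloads, src=b"\x0a\x00\x00\x05", dst=b"\x0a\x00\x00\x50"):
    """Constructed sample: wrap each payload in Ethernet/IPv4/TCP records of a linktype-1 pcap."""
    records = b""
    for payload in payloads:
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType 0x0800 = IPv4
        records += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records

def tcp_payloads(pcap):
    """Yield (src_ip, dst_ip, dst_port, payload) for each IPv4/TCP packet in a little-endian linktype-1 pcap."""
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:]
        if ip[9] != 6:  # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]  # IHL is in 32-bit words
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[(tcp[12] >> 4) * 4:]

def find_cleartext_basic_auth(pcap):
    """Report (src, dst, port, username) for every Basic credential sent in cleartext; the secret is not returned."""
    findings = []
    for src, dst, dport, payload in tcp_payloads(pcap):
        for token in BASIC_RE.findall(payload):
            user = base64.b64decode(token).decode(errors="replace").split(":", 1)[0]
            findings.append((src, dst, dport, user))
    return findings

# Constructed capture: one request carrying Basic credentials, one without.
SAMPLE_PCAP = build_pcap([
    b"GET /login HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
    + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n",
])
```

Calling find_cleartext_basic_auth(open("output.pcap", "rb").read()) works on a capture taken from a single Ethernet interface; a capture made with -i any as in step 1 uses Linux cooked-mode link headers, which this parser does not decode.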


This write-up is based on a project completed as part of the software engineering program at ALX.

Remember, never snoop on networks you don't have permission to access. Use these powers for good. Happy hacking!
