Yesterday I was reading the usual introductory security info stressing the importance of not sending passwords across the network in cleartext where they could be intercepted. I pondered how hard it would be to find a password that way. So I decided to try to capture my own password.
First I d/l and installed wireshark
# apt-get install wireshark
Then I ran wireshark from the command line as root so it would be able to open the network devices
In and among my usual web browsing I’ve been watching what sort of traffic flows on my network. Wireshark is a truly excellent sniffer. This weekend sometime I will setup a sniffer to follow all traffic on my network going to a website that I use that does not encrypt passwords and capture my own password. I suspect it will be a simple thing to do.
(UPDATE : It was simple…. https://bitznbitez.wordpress.com/2012/03/03/stealing-passwords-or-why-encrypted-connections-matter/ )