Ethereal-users: Re: [Ethereal-users] New to capturing, ? about http authorizations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jonathan Sanders <jonathan@xxxxxxxxxxxxx>
Date: Fri, 10 Dec 2004 12:00:01 -0600
I do a

tcpdump -nt -X -s1500 'filter expression here'

for whenever I need to get the actual packet data from tcpdump....

Just my $.02.

Mike Partyka wrote:
Could I make tcpdump capture the necessary detail by using the snaplen
option, like:

tcpdump -s 0 -w tcp_cap 'dst host 192.168.10.1 && tcp port 80'

Or is it necessary to use the verbose switches like -v -vv or -vvv, like

tcpdump -vvv -s 0 -w tcp_cap 'dst host 192.168.10.1 && tcp port 80'

I know this isn't an ethereal question directly but since tcpdump is on
almost every box it's handy for performing the capture and then analyzing the
capture in ethereal.

Thanks,

Mike Partyka
Stonepath Logistics
Systems Administrator
(651)405-4300 Desk
(651)208-5734 Cell
(651)405-4342 Fax


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Breen Mullins
Sent: Friday, December 10, 2004 10:19 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] New to capturing, ? about http
authorizations


On Fri, 2004-12-10 at 08:09 -0600, Mike Partyka wrote:


My question is since http is not secure, and authorization is required to
get that company list, when I run an http capture (tcpdump host 192.168.10.1
and port 80) on my laptop and then do a manual sync, I don't ever see any
account information and password being sent. How can this be? I know the
authentication is occurring but I'm not seeing it.


tcpdump won't (by default) show enough detail to see the authentication
credentials. Try it in ethereal. You should see the TCP handshake,
followed by the browser requesting the page. The server will respond
with a 401 Unauthorized message. The browser then requests the page
again, adding an Authorization header to the request. The username
and password are Base64 encoded -- ethereal will decode that for you.

Regards,

Breen



--
Breen Mullins                      408-435-8401x123
SQA Engineer                       0xde05499b
Asante Technologies, Inc.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
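
The exchange Breen describes (request, 401 challenge, retried request with an Authorization header), as an added example that is not part of the original thread: a Python check that flags Basic credentials sent in the clear in reassembled HTTP payloads. The URL path, realm, credentials and function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample payloads (not real traffic): request, 401 challenge,
# and the retried request that carries the Authorization header.
TOKEN = base64.b64encode(b"demo-user:demo-pass")  # made-up credentials
SAMPLE_STREAM = [
    b"GET /companies HTTP/1.1\r\nHost: 192.168.10.1\r\n\r\n",
    b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"sync\"\r\n\r\n",
    b"GET /companies HTTP/1.1\r\nHost: 192.168.10.1\r\n"
    b"Authorization: Basic " + TOKEN + b"\r\n\r\n",
]

def parse_headers(payload):
    """Return (start_line, {lowercased header name: value}) for one HTTP message."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def decode_basic(value):
    """Decode an Authorization header value; return (user, password) or None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token, nothing to report
    user, sep, password = raw.decode("utf-8", "replace").partition(":")
    return (user, password) if sep else None

def find_cleartext_basic_auth(stream):
    """Report each message that exposes Basic credentials over plain HTTP."""
    findings = []
    for index, payload in enumerate(stream):
        start_line, headers = parse_headers(payload)
        creds = decode_basic(headers.get("authorization", ""))
        if creds:
            # Record the user name and password length only, not the password.
            findings.append({"message": index, "request": start_line,
                             "user": creds[0], "password_len": len(creds[1])})
    return findings
```

Base64 here is an encoding, not encryption, so anything on the path that sees the port 80 traffic can recover the credentials the same way.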
