Wireshark-users: [Wireshark-users] TCP Decoding differences between Ethereal 0.99 and Wireshark 0
I teach networking and security at a community college. When explaining
to students why they should bother to use ssh and not telnet I like to
show how easy it is to capture plain text passwords by firing up
Wireshark and doing a live demo. Sometimes a picture/demo is worth a
thousand words. Even though this is fairly common knowledge for
experienced network/security folks, I find many people are shocked to see
just how easy it is.
At any rate, my demo consists of telnetting to a router while running
Wireshark and logging in. I then use the Follow TCP Stream option
to show that the password is easily exposed.
Except--when I follow the TCP stream with Ethereal 0.99, this works
great. However, when I do the same thing with Wireshark 0.99.3/4 (I've
tried 0.99.3 and just uninstalled/re-installed 0.99.4), the password
does not appear in the ASCII/Raw decoding screens. If I look at the
individual packets I can piece together the password. Also, if I use the
Hex Dump option, it's not as easy to read as in 0.99 but you can see it.
Is there a preference change or something else from 0.99 to 0.99.3/4
that would explain this?
Thanks,
--Jim