SAP information sniffing - need help

[rivestp () metro ca]

Hello,

        This question is from a previous post i got that sent me to this interesting web page: 
http://www.cybsec.com/upload/bh-eu-07-nunez-di-croce-WP_paper.pdf. Basicly if you look at page 6 of the document, it 
shows a sniffing result and tells us about the username/password of SAP.

I have tried to reproduce this with Wireshark, filtering the traffic from my SAP server (using the ip as filter). I 
cant find the username, client_id or anything related to authentification. I would then think we are using SNC, but in 
fact we are not (i check the proprieties of the client).

Anyone who can give me links or a way to identify the username/client_id or password (that i will XOR) would greatly 
help me get SNC activated here (and also get rid of telnet & ftp :))


Appreciated

Philippe Rivest, Certified Ethical Hacker