Re: sniffing X traffic.

[Don Bailey <baileydl () mitre org>]

Another thing for a poor man to do is run tcpdump filtering on the X
port range (6000-6010), then take the capture file and use Ethereal to
look at the ascii in the particular tcp streams.  This is quick and
dirty but reveals plenty of info in the case of a remote xterm being the
sniffed X app.

Sincerely,

Don

Power Steve wrote:
> Hey all
>
> long time listener, first time caller.
>
> Anyone know if you can meaningfully sniff Exceed ( I guess it's the same as
> X) traffic?  Im being a bit lame, my personal test lab is down atm, and I
> cant find anything on the net re sniffing and interpreting X traffic.
>
> If anyone would be so kind as to answer a specific question, could I see
> passwords etc in the traffic?
>
> thanks in advance.
>
> Steve Power
> Security Consultant
>
> Legal Disclaimer:-
>
> Please be aware that messages sent over
> the Internet may not be secure and should
> not be seen as forming a legally binding
> contract unless otherwise stated.
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

--
Don Bailey
Senior INFOSEC Engineer/Scientist
Secure Information Technology
The MITRE Corporation


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/