Wireshark · Ethereal-users: Re: [Ethereal-users] New to capturing, ? about http authorizations

Ethereal-users: Re: [Ethereal-users] New to capturing, ? about http authorizations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Breen Mullins <bmullins@xxxxxxxxxx>

Date: Fri, 10 Dec 2004 08:18:56 -0800

On Fri, 2004-12-10 at 08:09 -0600, Mike Partyka wrote:

> My question is since http is not secure, and authorization is required to
> get that company list, when i run an http capture (tcpdump host 192.168.10.1
> and port 80) on my laptop and then do a manual sync, i don't ever see any
> account information and password being sent. How can this be? I know the
> authentication is occuring but i'm not seeing it.

tcpdump won't (by default) show enough detail to see the authentication 
credentials. Try it in ethereal. You should see the TCP handshake,
followed by the browser requesting the page. The server will respond
with a 401 Unauthorized message. The browser then requests the page
again, adding an Authorization header to the request. The username 
and password are Base64 encoded -- ethereal will decode that for you.

Regards,

Breen

-- 
Breen Mullins                      408-435-8401x123       
SQA Engineer                       0xde05499b          
Asante Technologies, Inc.

Follow-Ups:
- RE: [Ethereal-users] New to capturing, ? about http authorizations
  - From: Mike Partyka

References:
- [Ethereal-users] New to capturing, ? about http authorizations
  - From: Mike Partyka

Prev by Date: RE: [Ethereal-users] FTP downtime
Next by Date: RE: [Ethereal-users] New to capturing, ? about http authorizations
Previous by thread: [Ethereal-users] New to capturing, ? about http authorizations
Next by thread: RE: [Ethereal-users] New to capturing, ? about http authorizations
Index(es):
- Date
- Thread