Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] HASH data output tshark

From: norman <norman_khine@xxxxxxxxxxx>
Date: Tue, 21 Nov 2006 19:24:17 +0000 (GMT)
Hello,
Using ettercap, I have output like:

USER: xxxx.xxxxx  HASH: xxxx.xxxxx:"":"":B5868F57a
x3F34FC7C00000000000000000000000000000000:A109BED82C8BF6BE8A0E5EDFC42964CFE274Fa
x278CF27281E:116FB24C76E30E4A DOMAIN: ZZZZZZZ

Can the same output be generated from tshark, if so what should be the command?

Also, there seems to be loads of zeros in this hash, is it a true hash or would I need to pass other parameters in the tshark command to get the correct output or does this have to be done through ettercap - I think by setting smb_down - but I am not 100% sure how ;(

Here is my setup:

--
#tshark -v
TShark 0.99.4

Compiled with GLib 1.2.10, with libpcap 0.9.4, with libz 1.2.3, with libpcre
6.3, without UCD-SNMP or Net-SNMP, without ADNS, without Lua, without GnuTLS,
without Gcrypt, without Kerberos.

Running on Linux 2.6.17-gentoo-r7_r5_nims, with libpcap version 0.9.4.

Built using gcc 4.1.1 (Gentoo 4.1.1).

--

Network traffic is an authentication against Windows 2000 server with Active Directory

Any advise, will be much appreciated.

Cheers

Norman


The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider.