
General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  17

                         1. Launch your e-mail application and retrieve your e-mail from the
                             POP3 server.
                         2. Using Telnet, open port 110 on your e-mail server’s address, and
                             enter USER <username> and PASS <password> to log in to the
                             e-mail server. Enter quit to exit and return to Ettercap.
                         3. After you have authenticated manually or retrieved your e-mail,
                             change to the Ettercap window, click Start and select Stop
                             sniffing.
                         4. Click View and select Connections. This will bring up the list of
                             connections captured by Ettercap. Find the line in the Ettercap
                             display that matches the POP3 server that you connected to and
                             double-click on it. This will bring up a display showing the
                             captured data from your client and from the server. Sample output
                             can be seen in Figure 1.3.

                 Figure 1.3 Ettercap Packet Capture
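
The USER and PASS commands typed in step 2 cross the network exactly as entered, which is what makes them visible in the capture. The following is an added example, not part of the original text: a short Python audit that takes the client-to-server lines of a reassembled POP3 session and reports which logins exposed a password, without ever storing the password itself. The function names and the two sample sessions are constructed for illustration.

```python
# Added example: audit reassembled POP3 client traffic for cleartext logins.
# Function names and session data are constructed for illustration.

def audit_pop3_session(client_lines):
    """Classify how a POP3 client authenticated, from its client-to-server lines.

    Returns a list of (command, finding) tuples. The PASS argument is never
    stored or returned; only the fact that it crossed the wire is recorded.
    """
    findings = []
    for raw in client_lines:
        parts = raw.strip().split(None, 2)
        if not parts:
            continue
        cmd = parts[0].upper()
        if cmd == "STLS":
            # RFC 2595 upgrade. After a successful STLS a capture shows only
            # TLS records, so any readable command after this point means
            # the upgrade did not happen.
            findings.append(("STLS", "TLS upgrade requested"))
        elif cmd == "USER" and len(parts) > 1:
            findings.append(("USER", f"cleartext username: {parts[1]}"))
        elif cmd == "PASS":
            findings.append(("PASS", "cleartext password exposed (redacted)"))
        elif cmd == "AUTH" and len(parts) > 1 and parts[1].upper() in ("PLAIN", "LOGIN"):
            findings.append(("AUTH", "base64-only credentials, equivalent to cleartext"))
        elif cmd == "APOP":
            findings.append(("APOP", "digest login, password not sent"))
    return findings


def exposes_password(findings):
    """True if the session sent a recoverable password over the wire."""
    return any(cmd in ("PASS", "AUTH") for cmd, _ in findings)


# Constructed sample sessions (client side only).
CLEARTEXT_SESSION = ["USER alice\r\n", "PASS example-password\r\n", "STAT\r\n", "QUIT\r\n"]
STLS_SESSION = ["CAPA\r\n", "STLS\r\n"]

if __name__ == "__main__":
    for name, session in (("cleartext", CLEARTEXT_SESSION), ("stls", STLS_SESSION)):
        findings = audit_pop3_session(session)
        for cmd, finding in findings:
            print(f"{name}: {cmd}: {finding}")
        print(f"{name}: password exposed = {exposes_password(findings)}")
```
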

                         Notice that Ettercap has captured the username and password that
                      you entered or that your e-mail program sent to the e-mail server. These
                      credentials have been sent and received in cleartext, and thus are
                      readable by anyone actively monitoring the network either in local area



                                                                              www.syngress.com