# capture network traffic using wireshark



## kirkcaine (Mar 5, 2008)

Hi all.
I've seen alot of failed login attempts on the Admin account during times when I'm asleep. The only time these occur is when the lan is connected to the outside.
So I've installed wireshark on the sbs2003 and I can see the ip and mac addresses coming in but I'm wanting to see what passwords they're trying.
Is this possible with wireshark - i'm pretty new to this tool or are there any other recommendations?

Thanks.


----------



## johnwill (Sep 26, 2002)

Look at the data in the packets when the login attempt occurs.


----------



## kirkcaine (Mar 5, 2008)

Hi John. Yeah I've tried looking at the data but it's all jumbled which I guess is from the ssl being that it's on port 443.


----------

