Simple commands I ran to herd some sheep at the wall that worked pretty well.
WORKS:
dsniff -p <pcap filename> | grep "PASS" -A 5 -B 5 (note: or "USER", be creative)
tcpdump -i eth0 -C 500000 -s 65535 -w <pcap filename>
You'll have to come up with your own strategy for efficiently capturing your pcaps and analyzing them without bogging down your laptop too much: speed, efficiency and accuracy.
I'm planning to see if I can combine all the tools in one automated WoS-specific sniffer for next year. It might come out ghetto style, but who cares as long as it herds sheep, spreads the word and makes people believe that it is not a joke. Security Awareness for the Flock.
other toolz:
rawshark
tshark
capinfos
driftnet
==================
3- driftnet
4- msgsnarf
5- mailsnarf
6- urlsnarf
Info needed to submit herded sheep:
1. IP Address
2. Protocol
3. Username
4. Password