{{Short description|Packet sniffer}}
{{lowercase|title=dsniff}}
{{Infobox software
|name = dsniff
|developer = [[Dug Song]]
|latest_release_date = {{release date and age|2000|12|17}}
|latest release version = 2.3
|operating_system = [[Unix-like]]
|genre = [[Packet sniffer]]
|license = 3-clause [[BSD License]]<ref>LICENSE file in the tarball</ref>
|website = {{URL|http://www.monkey.org/~dugsong/dsniff/}}
}}

'''dSniff''' is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active [[Man-in-the-middle attack|man-in-the-middle]] attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.<ref>[http://www.monkey.org/~dugsong/dsniff/ dsniff]</ref><ref name=Russel2001>{{cite web|author=Christopher R. Russel|title=Penetration Testing with dsniff|url=http://www.ouah.org/dsniffintr.htm}}</ref>

==Overview==
The applications sniff usernames and passwords, web pages being visited, contents of an email, etc. As the name implies, dsniff is a network [[Packet analyzer|sniffer]], but it can also be used to disrupt the normal behavior of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.
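The switch disruption described above leaves measurable traces on the wire: arpspoof rebinds an IP address (typically the gateway) to a new hardware address, and macof pushes an abnormal number of distinct source MACs through one port. The following Python is an added example, not code from the dsniff project or from this article, showing the monitoring logic a defender would use to detect both; the record layout, the `detect_arp_spoof` and `detect_mac_flood` names, the thresholds and all sample addresses are constructed for the example.

```python
"""Added example (not part of the dsniff project or the article): detection
logic for ARP spoofing (arpspoof) and MAC flooding (macof), run over
constructed sample records. Record layout, function names, thresholds and
addresses are assumptions made for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a monitor would record it (constructed layout)."""
    ts: float          # capture time in seconds
    sender_ip: str     # IP address the reply claims to answer for
    sender_mac: str    # hardware address claimed for that IP


def detect_arp_spoof(replies, trusted=None):
    """Flag IP->MAC rebindings, arpwatch-style.

    `trusted` is an optional dict of known-good bindings (e.g. the default
    gateway) seeded from DHCP leases or inventory. Any reply that rebinds an
    IP to a different MAC, or contradicts a trusted binding, is reported.
    Returns a list of (ts, ip, old_mac, new_mac) alerts."""
    bindings = dict(trusted or {})
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = mac          # first sighting: learn it
        elif known != mac:
            alerts.append((r.ts, r.sender_ip, known, mac))
            # the original binding is kept, so every repeated forged reply alerts
    return alerts


def detect_mac_flood(frames, window=1.0, threshold=100):
    """Count distinct source MACs per time window on one port.

    `frames` is an iterable of (ts, src_mac). CAM-table exhaustion shows up as
    far more unique senders per window than a real access port ever has.
    Returns a sorted list of (window_start, unique_mac_count) over `threshold`."""
    buckets = defaultdict(set)
    for ts, src in frames:
        buckets[int(ts // window) * window].add(src.lower())
    return sorted((start, len(macs)) for start, macs in buckets.items()
                  if len(macs) > threshold)


# --- constructed sample input (documentation IP range, IANA example MAC range) ---
GATEWAY_IP = "192.0.2.1"
GATEWAY_MAC = "00:00:5e:00:53:01"
SAMPLE_REPLIES = [
    ArpReply(0.0, GATEWAY_IP, GATEWAY_MAC),
    ArpReply(0.5, "192.0.2.10", "00:00:5e:00:53:0a"),
    ArpReply(1.0, GATEWAY_IP, "00:00:5e:00:53:ff"),    # gateway IP from a new MAC
    ArpReply(1.2, GATEWAY_IP, "00:00:5e:00:53:ff"),    # repeated forged reply
    ArpReply(2.0, "192.0.2.10", "00:00:5e:00:53:0a"),  # unchanged, no alert
]

# 300 frames within one second from 300 different constructed MACs, then a quiet second
SAMPLE_FRAMES = [
    (0.001 * i, "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xff, (i >> 8) & 0xff, i & 0xff))
    for i in range(300)
] + [(1.5, GATEWAY_MAC), (1.6, "00:00:5e:00:53:0a")]

if __name__ == "__main__":
    for ts, ip, old, new in detect_arp_spoof(SAMPLE_REPLIES, {GATEWAY_IP: GATEWAY_MAC}):
        print(f"t={ts:.1f}s ARP rebinding {ip}: {old} -> {new}")
    for start, n in detect_mac_flood(SAMPLE_FRAMES):
        print(f"window {start:.0f}s: {n} distinct source MACs (possible MAC flood)")
```

Seeding `trusted` with the gateway binding matters: a detector that only learns from the first reply it sees can be taught the forged binding if the monitor starts after the spoofing has begun. On a real network the thresholds should be tuned per port from a baseline, and the same counters are usually exposed by the switch itself (port security, dynamic ARP inspection) rather than computed from a capture.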
It handles [[FTP]], [[Telnet]], [[SMTP]], [[HTTP]], [[Post Office Protocol|POP]], poppass, [[NNTP]], [[IMAP]], [[Simple Network Management Protocol|SNMP]], [[LDAP]], [[Rlogin]], [[Routing information protocol|RIP]], [[OSPF]], [[PPTP]] [[Challenge-handshake authentication protocol|MS-CHAP]], [[Network File System (protocol)|NFS]], [[VRRP]], [[Network Information Service|YP/NIS]], [[SOCKS]], [[X11]], [[Concurrent Versions System|CVS]], [[IRC]], [[AOL Instant Messenger|AIM]], [[ICQ]], [[Napster]], [[PostgreSQL]], [[Meeting Maker]], [[Citrix ICA]], [[PcAnywhere|Symantec pcAnywhere]], NAI Sniffer, [[Microsoft]] [[Server Message Block|SMB]], [[Oracle Corporation|Oracle]] [[Oracle Database|SQL*Net]], [[Sybase]] and [[Microsoft SQL]] protocols.

The name "dsniff" refers both to the package and to an included tool. The "dsniff" tool decodes passwords sent in [[cleartext]] across a [[Network switch|switched]] or unswitched [[Ethernet]] network. Its [[man page]] explains that Dug Song wrote dsniff with "honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols." He then requests, "Please do not abuse this software."

These are the configuration files in the dsniff folder '''/etc/dsniff/''':
;/etc/dsniff/dnsspoof.hosts
: Sample hosts file.<ref>[http://linux.die.net/man/8/dnsspoof dnsspoof(8) - Linux man page]</ref>
:If no hosts file is specified, replies will be forged for all address queries on the LAN with an answer of the local machine's IP address.
;/etc/dsniff/dsniff.magic
: Network protocol magic
;/etc/dsniff/dsniff.services
: Default trigger table

The man page for dsniff explains all the flags; see the Linux man page to learn more about using dsniff.<ref>[http://linux.die.net/man/8/dsniff dsniff(8): password sniffer - Linux man page]</ref>

This is a list of descriptions for the various dsniff programs. This text belongs to the dsniff "README" written by the author, Dug Song.
{{bulleted list
| arpspoof ([[ARP spoofing]]): Redirect packets from a target host (or all hosts) on the LAN intended for another local host by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch. Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter [[Emoticon|:-)]] must be turned on ahead of time.
| dnsspoof: Forge replies to arbitrary DNS address / pointer queries on the LAN. This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks (HTTP, HTTPS, SSH, Kerberos, etc.).
| [[tcpkill]]: Kills specified in-progress [[Transmission Control Protocol|TCP]] connections (useful for libnids-based applications which require a full [[Transmission Control Protocol|TCP]] 3-whs for TCB creation). Can be effective for [[bandwidth control]].
| filesnarf<ref name=Russel2001 />
| mailsnarf<ref name=Russel2001 />
| tcpnice<ref name=Russel2001 />
| urlsnarf<ref name=Russel2001 />
| webspy:<ref name=Russel2001 /> a program which intercepts URLs sent by a specific IP address and directs your web browser to connect to the same URL. This results in your browser opening up the same web pages as the target being sniffed.
| sshmitm and webmitm:<ref name=Russel2001 /> programs designed to intercept [[Secure shell|SSH]] version 1 communications and web traffic respectively with a [[Man in the middle attack|man-in-the-middle attack]]
| msgsnarf:<ref name=Russel2001 /> a program designed to intercept [[Instant Messenger]] and [[IRC]] conversations
| macof:<ref name=Russel2001 /> a program designed to break poorly designed [[Network switch|Ethernet switch]]es by flooding them with packets with bogus [[MAC address]]es ([[MAC flooding]]).
}}

==See also==
{{Portal|Free and open-source software}}
*[[Comparison of packet analyzers]]
*[[Etherape|EtherApe]], a network mapping tool that relies on sniffing traffic
*[[netsniff-ng]], a free Linux networking toolkit
*[[Network tap]]
*[[Ngrep]], a tool that can match regular expressions within the network packet payloads
*[[tcpdump]], a [[packet analyzer]]
*[[Tcptrace]], a tool for analyzing the logs produced by tcpdump
*[[Wireshark]], a GUI based alternative to tcpdump

== References ==
{{reflist}}

==External links==
*[http://www.monkey.org/~dugsong/dsniff/ Official website]
*Dunston, Duane, Linuxsecurity.com, "And away we spoof!!!" http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf

{{DEFAULTSORT:Dsniff}}
[[Category:Network analyzers]]
[[Category:Password cracking software]]
[[Category:Free network management software]]