
Penetration Testing with dsniff February 10, 2011

Posted by Tournas Dimitrios in Linux admin tools.

The ability to access the raw packets on a network interface (known as network sniffing), has long been an important tool for system and network administrators. For debugging purposes it is often helpful to look at the network traffic down to the wire level to see exactly what is being transmitted. Dsniff, as the name implies, is a network sniffer – but designed for testing of a different sort. Written by hacker Dug Song, dsniff is a package of utilities that includes code to parse many different application protocols and extract interesting information, such as usernames and passwords, web pages being visited, contents of email, and more. Additionally, it can be used to defeat the normal behaviour of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.

This article presents the 13 utilities the dsniff package contains, with a brief description of each, and shows how to install it on a CentOS 5.x box. Each utility links to an appropriate article that already describes its functionality (or will be covered in a future article).

Most importantly, of course, is to install the dsniff package. This package is not provided by default on the CentOS distribution. The installation can be made through the EPEL repository; just use:
yum install dsniff

Now let’s present the utilities that dsniff provides:

arpspoof redirects packets on a LAN to defeat the host-isolating behaviour of the switch.
dnsspoof forges replies to DNS queries.
dsniff is a password sniffer with the ability to handle FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL authentication info.
filesnarf saves files sniffed from NFS traffic.
macof causes a LAN switch to fail open (i.e. act as a hub and broadcast traffic to all hosts).
mailsnarf saves email messages sniffed from SMTP and POP traffic.
msgsnarf saves messages and chat sessions sniffed from most Instant Messenger protocols and IRC.
tcpkill kills specified in-progress TCP connections.
tcpnice slows down specified TCP connections.
urlsnarf reports URLs sniffed from HTTP traffic.
webspy sends sniffed URLs to your local Netscape browser, allowing you to browse in real-time along with the target.
sshmitm proxies and sniffs SSH traffic redirected by dnsspoof, captures password logins and optionally allows hijacking interactive sessions.
webmitm proxies and sniffs HTTP/HTTPS traffic redirected by dnsspoof, capturing SSL-encrypted logins and form submissions.
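As an added example (not part of the original article), a small Python script showing how a defender might spot the two switch-level techniques described above, arpspoof and macof, from a list of observed frames: an IP address answered for by more than one MAC, and a burst of distinct source MACs within one second. The frame records and the thresholds are constructed assumptions, not taken from the article.

```python
from collections import defaultdict

# Constructed records: (timestamp_sec, src_mac, src_ip, is_arp_reply).
# Hypothetical sample data: a normal gateway reply, a host claiming the
# gateway's IP with its own MAC (arpspoof pattern), then a burst of
# 300 frames from 300 never-seen MACs (macof pattern).
SAMPLE_FRAMES = [
    (0.0, "aa:aa:aa:aa:aa:01", "10.0.0.1", True),   # gateway answers normally
    (0.5, "aa:aa:aa:aa:aa:10", "10.0.0.10", True),  # ordinary host
    (1.0, "aa:aa:aa:aa:aa:10", "10.0.0.1", True),   # same IP, different MAC
    (1.2, "aa:aa:aa:aa:aa:10", "10.0.0.1", True),   # poison repeated
] + [
    (2.0 + i * 0.002, f"02:00:00:00:{i // 256:02x}:{i % 256:02x}",
     f"172.16.{i // 256}.{i % 256}", False)
    for i in range(300)
]


def find_ip_mac_conflicts(frames):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC
    in ARP replies; a gateway IP answered by two MACs is the classic
    arpspoof indicator."""
    claimed = defaultdict(set)
    for _, mac, ip, is_reply in frames:
        if is_reply:
            claimed[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claimed.items() if len(macs) > 1}


def find_mac_floods(frames, window=1.0, threshold=100):
    """Return [(window_start, distinct_mac_count)] for each time window in
    which more than `threshold` distinct source MACs appeared; a switch's
    CAM table filling with random MACs is what macof relies on."""
    buckets = defaultdict(set)
    for ts, mac, _, _ in frames:
        buckets[int(ts // window)].add(mac)
    return [(b * window, len(macs)) for b, macs in sorted(buckets.items())
            if len(macs) > threshold]


if __name__ == "__main__":
    print("IP/MAC conflicts:", find_ip_mac_conflicts(SAMPLE_FRAMES))
    print("MAC floods:", find_mac_floods(SAMPLE_FRAMES))
```

The same checks can be run against a real capture by filling the record list from a pcap parser; the 100-MACs-per-second threshold is a placeholder to tune for the segment being monitored.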


Compiling dsniff from source requires the following libraries:
libpcap, libpcap-devel, libnet, libnet-devel, libnids
yum install libpcap libpcap-devel libnet libnet-devel libnids

Note: The latest official release on the author’s website is 2.3. The newest release maintained by the community is 2.4 and is available in many of the “extras” repositories of popular Linux distributions.

Comments

1. Rahul makhija - August 6, 2012

No package libnids available.
Nothing to do. ):

tournasdimitrios1 - August 6, 2012

@Rahul makhija
For a CentOS 5.** box, the installation can be made through the EPEL repository.
Have you tried rpmfind? What is your distro?
