jump to navigation

Penetration Testing with dsniff February 10, 2011

Posted by Tournas Dimitrios in Linux admin tools.

The ability to access the raw packets on a network interface (known as network sniffing), has long been an important tool for system and network administrators. For debugging purposes it is often helpful to look at the network traffic down to the wire level to see exactly what is being transmitted. Dsniff, as the name implies, is a network sniffer – but designed for testing of a different sort. Written by hacker Dug Song, dsniff is a package of utilities that includes code to parse many different application protocols and extract interesting information, such as usernames and passwords, web pages being visited, contents of email, and more. Additionally, it can be used to defeat the normal behaviour of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.

This article will just present the 13 utilities the dsniff package contains , with a brief description , and how to install it on a CentOs 5.x box . Each utility will link to an apropriate article that has already described his functionality (or will be presented in future articles ) .

Most importantly of course is to install the dsniff package . This package is not provided by defauld on CentOs distribution . The installation can be made through the EPEL repository , just use  :
yum  install  dsniff

Now let’s present the utilities that dsniff provides :

arpspoof redirects packets on a LAN to defeat the host-isolating behaviour of the switch.
dnsspoof forges replies to DNS queries.
dsniff password sniffer with ability to handle FTP, Telnet, SMTP, HTTP, POP, poppas, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB,Oracle SQL*Net, Sybase and Microsoft SQL authentication info.
filesnarf saves files sniffed from NFS traffic.
macof causes LAN switch to fail-open (ie. Act as a hub and broadcast traffic to all hosts).
mailsnarf saves email messages sniffed from SMTP and POP traffic.
msgsnarf saves messages and chat sessions sniffed from most Instant Messenger protocols and IRC.
tcpkill kills specified in-progress TCP connections.
tcpnice slows down specified TCP connections.
urlsnarf reports URLs sniffed from HTTP traffic.
webspy sends sniffed URLs to your local Netscape browser, allowing you to browse in real-time along with the target.
sshmitm proxies and sniffs SSH traffic redirected by dnsspoof, captures password logins and optionally allows hijacking interactive sessions.
webmitm proxies and sniffs HTTP/HTTPS traffic redirected by dnsspoof, capturing SSL-encrypted logins and form submissions.

Links :

Compiling dsniff from source requires the following libraries :
libpcap , libpcap-devel , libnet , libnet-devel , libnids
yum install libpcap libpcap-devel libnet libnet-devel libnids

Note : The latest official release on the author’s website is 2.3. The newest release
maintained by the community is 2.4 and is available in many of the “extras”
repositories of popular Linux distributions.


1. Rahul makhija - August 6, 2012

No package libnids available.
Nothing to do. ):

tournasdimitrios1 - August 6, 2012

@Rahul makhija
For a CentOs 5.** Box ,the installation can be made through the EPEL repository .
Have you tried rpmfind ? What is your distro ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s