Penetration Testing with dsniff

February 10, 2011. Posted by Tournas Dimitrios in Linux admin tools.
The ability to access the raw packets on a network interface (known as network sniffing), has long been an important tool for system and network administrators. For debugging purposes it is often helpful to look at the network traffic down to the wire level to see exactly what is being transmitted. Dsniff, as the name implies, is a network sniffer – but designed for testing of a different sort. Written by hacker Dug Song, dsniff is a package of utilities that includes code to parse many different application protocols and extract interesting information, such as usernames and passwords, web pages being visited, contents of email, and more. Additionally, it can be used to defeat the normal behaviour of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.
This article presents the 13 utilities the dsniff package contains, with a brief description of each, and how to install it on a CentOS 5.x box. Each utility will link to an appropriate article that has already described its functionality (or will be presented in a future article).
Most importantly, of course, is to install the dsniff package. This package is not provided by default in the CentOS distribution. It can be installed from the EPEL repository; once EPEL is enabled, just use:
yum install dsniff
Now let's present the utilities that dsniff provides:
| Utility | Description |
|---|---|
| arpspoof | redirects packets on a LAN to defeat the host-isolating behaviour of the switch. |
| dnsspoof | forges replies to DNS queries. |
| dsniff | password sniffer with the ability to handle FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL authentication info. |
| filesnarf | saves files sniffed from NFS traffic. |
| macof | causes a LAN switch to fail open (i.e. act as a hub and broadcast traffic to all hosts). |
| mailsnarf | saves email messages sniffed from SMTP and POP traffic. |
| msgsnarf | saves messages and chat sessions sniffed from most Instant Messenger protocols and IRC. |
| tcpkill | kills specified in-progress TCP connections. |
| tcpnice | slows down specified TCP connections. |
| urlsnarf | reports URLs sniffed from HTTP traffic. |
| webspy | sends sniffed URLs to your local Netscape browser, allowing you to browse in real time along with the target. |
| sshmitm | proxies and sniffs SSH traffic redirected by dnsspoof, captures password logins and optionally allows hijacking of interactive sessions. |
| webmitm | proxies and sniffs HTTP/HTTPS traffic redirected by dnsspoof, capturing SSL-encrypted logins and form submissions. |
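The two utilities in the table that attack the switch itself, arpspoof (a host's IP suddenly answers from a different MAC) and macof (a flood of never-before-seen source MACs fills the switch's CAM table), both leave a signature that a monitoring host on the segment can pick up. The following is an added example of that detection logic, not code from the dsniff package or from this article; the ARP replies and frame sources it works on are constructed sample data, and the window size and threshold for the flood check are assumed values that a real deployment would tune to its own switch.

```python
"""Defender-side checks for the two switch attacks named in the table above.

Added example, not part of dsniff. All input records are constructed.
"""
from collections import defaultdict

# Constructed sample: (timestamp in seconds, sender IP, sender MAC) taken from
# ARP replies as a monitoring host on the segment would observe them. The
# gateway's IP is first seen from one MAC and later from another.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate
    (1.0, "192.168.1.10", "00:11:22:33:44:10"),
    (2.0, "192.168.1.1", "00:11:22:33:44:01"),
    (3.5, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP now claims a new MAC
    (4.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # repeated claim, same new MAC
]

# Constructed sample: (timestamp in seconds, source MAC) for 600 frames sent
# one millisecond apart, each from a different source MAC (flood pattern).
SAMPLE_FLOOD_FRAMES = [
    (i / 1000.0, "02:00:00:00:%02x:%02x" % (i // 256, i % 256)) for i in range(600)
]

# Constructed sample: ordinary traffic, a handful of hosts talking.
SAMPLE_NORMAL_FRAMES = [
    (i / 1000.0, ["00:11:22:33:44:01", "00:11:22:33:44:10", "00:11:22:33:44:11"][i % 3])
    for i in range(600)
]


def find_arp_binding_changes(replies, known=None):
    """Track IP -> MAC bindings seen in ARP replies and report every change.

    `known` may seed the table with bindings the operator trusts (e.g. the
    gateway), so the very first spoofed reply is flagged rather than learned.
    Returns a list of (timestamp, ip, previous_mac, new_mac).
    """
    bindings = dict(known or {})
    changes = []
    for ts, ip, mac in replies:
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            changes.append((ts, ip, previous, mac))
        bindings[ip] = mac   # learn the new claim so repeats are not re-reported
    return changes


def detect_mac_flood(frames, window_seconds=1.0, threshold=256):
    """Return the timestamp at which the count of distinct source MACs seen in
    the trailing `window_seconds` first exceeds `threshold`, or None if it never
    does. A hub-like switch full of unknown MACs is what macof aims for, so a
    sudden jump in distinct sources on one port is the thing to alarm on.
    """
    frames = sorted(frames)
    live = defaultdict(int)   # source MAC -> frames from it inside the window
    start = 0
    for ts, mac in frames:
        live[mac] += 1
        # Expire frames that have fallen out of the trailing window.
        while frames[start][0] < ts - window_seconds:
            old_mac = frames[start][1]
            live[old_mac] -= 1
            if live[old_mac] == 0:
                del live[old_mac]
            start += 1
        if len(live) > threshold:
            return ts
    return None


if __name__ == "__main__":
    for change in find_arp_binding_changes(SAMPLE_ARP_REPLIES):
        print("ARP binding change at t=%.1fs: %s moved from %s to %s" % change)
    flood_at = detect_mac_flood(SAMPLE_FLOOD_FRAMES)
    print("MAC flood detected at t=%ss" % flood_at)
    print("normal traffic:", detect_mac_flood(SAMPLE_NORMAL_FRAMES))
```

Feeding `find_arp_binding_changes` a seeded `known` table for the gateway is what makes the check useful in practice: without it the detector learns whatever MAC answers first, and a host that was poisoned before monitoring started looks normal. The flood check only counts distinct sources, so a single chatty host never trips it.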
To build from source instead:
- Download the dsniff tarball from http://monkey.org/~dugsong/dsniff/
- Compiling dsniff from source requires the following libraries: libpcap, libpcap-devel, libnet, libnet-devel and libnids. Install them with:
yum install libpcap libpcap-devel libnet libnet-devel libnids
Note: The latest official release on the author's website is 2.3. The newest release maintained by the community is 2.4 and is available in many of the "extras" repositories of popular Linux distributions.