Password Sniffing with “dsniff” on the Local Network March 4, 2011

Posted by Tournas Dimitrios in Linux admin tools.

The dsniff tool is a member of the dsniff suite of tools. It is an advanced password sniffer that recognizes several different protocols, including TELNET, FTP, SMTP, Post Office Protocol (POP), Internet Message Access Protocol (IMAP), HTTP, CVS, Citrix, Server Message Block (SMB), Oracle, and many others. Whereas other sniffers such as Wireshark give you tons of additional information about the connection and the individual packets, you use dsniff if all you want are usernames and passwords.

Apart from its options, the only argument that dsniff takes is a tcpdump packet-filter expression, which lets you specify what kind of traffic you want to sniff for passwords. The options are:

-i interface      Specify the interface to listen on.
-p pcapfile       Rather than processing the contents of packets observed upon the network, process the given PCAP capture file.
-r savefile       Read sniffed sessions from a savefile created with -w.
-w file           Write sniffed sessions to savefile rather than parsing and printing them out.
-m                Enable automatic protocol detection.
-t trigger[,…]    Load triggers from a comma-separated list, specified as port/proto=service (e.g. 80/tcp=http).
-s snaplen        Analyze at most the first snaplen bytes of each TCP connection, rather than the default of 1024.

Steps to follow:

  1. First, a MITM (man-in-the-middle) attack must be set up with “arpspoof”.
    Don’t forget to enable IP forwarding on your host so that the traffic passes through it. Otherwise the victim will lose connectivity.
    # sysctl -w net.ipv4.ip_forward=1
  2. Now specify the protocols to monitor:
    # dsniff -t 21/tcp=ftp,23/tcp=telnet -n
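
Seen from the defender's side, the ARP spoofing in step 1 leaves traces on the wire that can be checked for. The following is an added example, not part of the original post or of the dsniff suite: it scans ARP replies in text of the kind printed by “tcpdump -n -e arp” and reports IP addresses claimed by more than one MAC and MACs answering for more than one IP. The sample lines, addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n -e arp` output (not real traffic).
SAMPLE = """\
10:00:01.000000 00:11:22:33:44:01 > 00:11:22:33:44:10, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 46
10:00:02.000000 00:11:22:33:44:10 > 00:11:22:33:44:01, ethertype ARP (0x0806), length 60: Reply 192.168.1.10 is-at 00:11:22:33:44:10, length 46
10:00:05.000000 de:ad:be:ef:00:99 > 00:11:22:33:44:10, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
10:00:05.100000 de:ad:be:ef:00:99 > 00:11:22:33:44:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.10 is-at de:ad:be:ef:00:99, length 28
"""

# Matches the "Reply <ip> is-at <mac>" part of an ARP reply line.
REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def find_arp_anomalies(lines):
    """Return (ip_conflicts, mac_multi).

    ip_conflicts: IPs that were claimed by more than one MAC, in order seen.
    mac_multi:    MACs that claimed more than one IP, in order seen.
    """
    ip_to_macs = defaultdict(list)
    mac_to_ips = defaultdict(list)
    for line in lines:
        m = REPLY.search(line)
        if not m:
            continue  # requests and non-ARP lines are ignored
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].append(ip)
    ip_conflicts = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    mac_multi = {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return ip_conflicts, mac_multi


if __name__ == "__main__":
    conflicts, multi = find_arp_anomalies(SAMPLE.splitlines())
    for ip, macs in conflicts.items():
        print(f"ALERT {ip} moved from {macs[0]} to {', '.join(macs[1:])}")
    for mac, ips in multi.items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

Both conditions also occur legitimately (a replaced network card, failover pairs, proxy ARP), so a hit is a reason to check the gateway's real MAC, not proof of an attack on its own.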

Alternative tools to “dsniff” are ngrep and ettercap.

