Samiksha Jaiswal (Editor)

DSniff

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
Dug Song

Type
  
Packet sniffer

Operating system
  
Unix-like

License
  
3-clause BSD License

Stable release
  
2.3 / December 17, 2000; 16 years ago (2000-12-17)

Website
  
www.monkey.org/~dugsong/dsniff/

Dsniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

Overview

The applications sniff usernames and passwords, web pages being visited, contents of email etc. Dsniff, as the name implies, it is a network sniffer, but it can also be used to disrupt the normal behavior of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.

It handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pc Anywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

The name "dsniff" refers both to the package as well as an included tool. "dsniff" the tool decodes passwords sent in cleartext across a switched or unswitched Ethernet network. Its man page explains that Song wrote dsniff with "honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols." He then requests, "Please do not abuse this software."

These are the files that are configured in dsniff folder /etc/dsniff/

/etc/dsniff/dnsspoof.hosts --> Sample hosts file. If no hostfile is specified, replies will be forged for all address queries on the LAN with an answer of the local machine’s IP address.

/etc/dsniff/dsniff.magic --> Network protocol magic

/etc/dsniff/dsniff.services --> Default trigger table

The man page for dsniff explains all the flags. To learn more about using dsniff you can explore the Linux man page.

This is a list of descriptions for the various dsniff programs. This text belong to the dsniff “README” written by the author Dug Song.

See also: filesnarf, macof, mailsnarf, msgsnarf, sshmitm, tcpnice, urlsnarf, webmitm, webspy.

Other tools included with the package include:

  • "webspy", a program which intercepts URLs sent by a specific IP address and directs your web browser to connect to the same URL. This results in your browser opening up the same web pages as the target being sniffed.
  • "sshmitm" and "webmitm", programs designed to intercept SSH version 1 communications and web traffic respectively with a man-in-the-middle attack
  • "msgsnarf", a program designed to intercept Instant Messenger and IRC conversations
  • "macof", a program designed to break poorly designed Ethernet switches by flooding them with packets with bogus MAC addresses (MAC flooding).

    • References

    DSniff Wikipedia
    (Text) CC BY-SA