DSniff
   HOME

TheInfoList



Click Here for Items Related To - DSniff
OR:
DSniff on:   [Wikipedia]   [Google]   [Amazon]

dSniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active
man-in-the-middle In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communi ...
attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.


Overview

The applications sniff usernames and passwords, web pages being visited, contents of an email, etc. As the name implies, dsniff is a network sniffer, but it can also be used to disrupt the normal behavior of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on. It handles
FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and dat ...
,
Telnet Telnet (sometimes stylized TELNET) is a client-server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main ...
,
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typi ...
,
HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...
, POP, poppass,
NNTP The Network News Transfer Protocol (NNTP) is an application protocol used for transporting Usenet news articles (''netnews'') between news servers, and for reading/posting articles by the end user client applications. Brian Kantor of the Unive ...
,
IMAP In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by . IMAP was designed with the goal of per ...
,
SNMP Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically su ...
,
LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed Directory service, directory information services over an Internet Protocol (IP) networ ...
,
Rlogin The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer System ...
, RIP, OSPF,
PPTP The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues. PPTP uses a TCP control channel and a Generic Routing Encapsulation tunnel to encapsulate P ...
MS-CHAP MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP). Versions The protocol exists in two versions, MS-CHAPv1 (defined in ) and MS-CHAPv2 (defined in ). MS-CHAPv2 was introduced with pptp3-fix that was in ...
, NFS, VRRP, YP/NIS,
SOCKS A sock is a piece of clothing worn on the feet and often covering the ankle or some part of the Calf (leg), calf. Some types of shoes or boots are typically worn over socks. In ancient times, socks were made from leather or matted animal hair. ...
,
X11 The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. X originated as part of Project Athena at Massachusetts Institute of Technology (MIT) in 1984. The X protocol has been at ...
, CVS,
IRC IRC (Internet Relay Chat) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called '' channels'', but also allows one-on-one communication via private messages as well as chat ...
, AIM, ICQ,
Napster Napster was an American proprietary peer-to-peer (P2P) file sharing application primarily associated with digital audio file distribution. Founded by Shawn Fanning and Sean Parker, the platform originally launched on June 1, 1999. Audio shared ...
,
PostgreSQL PostgreSQL ( ) also known as Postgres, is a free and open-source software, free and open-source relational database management system (RDBMS) emphasizing extensibility and SQL compliance. PostgreSQL features transaction processing, transactions ...
,
Meeting Maker Meeting Maker is a cross-platform personal calendar and group scheduling software application from PeopleCube. First released in 1991 for Macintosh by ON Technology, support for other platforms followed in 1993 with Meeting Maker XP. Alongside Win ...
, Citrix ICA, Symantec pc Anywhere, NAI Sniffer,
Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
SMB,
Oracle An oracle is a person or thing considered to provide insight, wise counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. If done through occultic means, it is a form of divination. Descript ...
SQL*Net,
Sybase Sybase, Inc. was an enterprise software and services company. The company produced software relating to relational databases, with facilities located in California and Massachusetts. Sybase was acquired by SAP in 2010; SAP ceased using the Syba ...
and
Microsoft SQL Microsoft SQL Server is a proprietary relational database management system developed by Microsoft using SQL, Structured Query Language (SQL, often pronounced "sequel"). As a database server, it is a software product with the primary function ...
protocols. The name "dsniff" refers both to the package as well as an included tool. The "dsniff" tool decodes passwords sent in
cleartext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...
across a switched or unswitched
Ethernet Ethernet ( ) is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...
network. Its
man page A man page (short for manual page) is a form of software documentation found on Unix and Unix-like operating systems. Topics covered include programs, system libraries, system calls, and sometimes local system details. The local host administr ...
explains that Dug Song wrote dsniff with "honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols." He then requests, "Please do not abuse this software." These are the files that are configured in dsniff folder /etc/dsniff/ ;/etc/dsniff/dnsspoof.hosts : Sample hosts file. :If no host file is specified, replies will be forged for all address queries on the LAN with an answer of the local machine’s IP address. ;/etc/dsniff/dsniff.magic : Network protocol magic ;/etc/dsniff/dsniff.services : Default trigger table The man page for dsniff explains all the flags. To learn more about using dsniff, you can explore the Linux man page.dsniff(8): password sniffer - Linux man page
/ref> This is a list of descriptions for the various dsniff programs. This text belong to the dsniff “README” written by the author, Dug Song.


See also

* Comparison of packet analyzers * EtherApe, a network mapping tool that relies on sniffing traffic *
netsniff-ng netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets (RX_RING, TX_RING), so that the Linux kernel does not need ...
, a free Linux networking toolkit *
Network tap A network tap is a system that monitors events on a local network. A tap is typically a dedicated hardware device, which provides a way to access the data flowing across a computer network. The network tap has (at least) three ports: an ''A port ...
*
Ngrep ngrep (Computer network, network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library. ngrep supports Berkeley Packet Filter (Berkeley Packet Fil ...
, a tool that can match regular expressions within the network packet payloads *
tcpdump tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distr ...
, a
packet analyzer A packet analyzer (also packet sniffer or network analyzer) is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capt ...
* Tcptrace, a tool for analyzing the logs produced by tcpdump *
Wireshark Wireshark is a Free and open-source software, free and open-source packet analyzer. It is used for computer network, network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, ...
, a GUI based alternative to tcpdump


References


External links


Official website
*Dunston, Duane, Linuxsecurity.com, “And away we spoof!!!” http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf {{DEFAULTSORT:Dsniff Network analyzers Password cracking software Free network management software