dSniff

dsniff
Developer(s): Dug Song
Stable release: 2.3 / December 17, 2000
Operating system: Unix-like
Type: Packet sniffer
Website: www.monkey.org/~dugsong/dsniff/

Dsniff is a password sniffer written by Dug Song [1] and a package of utilities that parse many different application protocols and extract interesting information.[1]

Overview

dsniff is a packet sniffer and set of traffic analysis tools written by Dug Song. The application sniffs usernames and passwords, web pages being visited, contents of email, etc. Dsniff, as the name implies, is a network sniffer, but one designed for security testing rather than general traffic analysis. Furthermore, it can be used to disrupt the normal behavior of switched networks so that traffic from other hosts on the same network segment becomes visible, not just traffic involving the host dsniff is running on.

It handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pc Anywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

The name "dsniff" refers both to the package and to an included tool. The "dsniff" tool decodes passwords sent in cleartext across a switched or unswitched Ethernet network. Its man page explains that Song wrote dsniff with "honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols." He then requests, "Please do not abuse this software."

These are the configuration files installed in the dsniff directory /etc/dsniff/:

  • /etc/dsniff/dnsspoof.hosts: sample hosts file. [2] If no hosts file is specified, replies will be forged for all address queries on the LAN with an answer of the local machine's IP address.
  • /etc/dsniff/dsniff.magic: network protocol magic.
  • /etc/dsniff/dsniff.services: default trigger table.

The man page for dsniff explains all the flags. To learn more about using dsniff, see the Linux man page. [3]

This is a list of descriptions for the various dsniff programs. The text belongs to the dsniff "README" written by the author Dug Song.

Name        Description
arpspoof    (ARP spoofing) Redirect packets from a target host (or all hosts) on the LAN intended for another local host by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch. Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter :-) must be turned on ahead of time.
dnsspoof    Forge replies to arbitrary DNS address / pointer queries on the LAN. This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks (HTTP, HTTPS, SSH, Kerberos, etc).
tcpkill     Kills specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-whs for TCB creation). Can be effective for bandwidth control.

See also: filesnarf [4], macof [5], mailsnarf [6], msgsnarf [7], sshmitm [8], tcpnice [9], urlsnarf [10], webmitm [11], webspy [12].

Other tools included with the package include:

  • "webspy", a program which intercepts URLs sent by a specific IP address and directs your web browser to connect to the same URL. This results in your browser opening up the same web pages as the target being sniffed.
  • "sshmitm" and "webmitm", programs designed to intercept SSH version 1 communications and web traffic respectively with a man-in-the-middle attack.
  • "msgsnarf", a program designed to intercept Instant Messenger and IRC conversations
  • "macof", a program designed to break poorly-designed Ethernet switches by flooding them with packets with bogus MAC addresses (MAC flooding).
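As an added defender-side example, not part of the original article or of the dsniff package: a small Python check that flags the IP-to-MAC conflicts which forged ARP replies of the kind arpspoof sends leave behind in a capture. The ARP reply records and all addresses below are constructed sample data; `known` is an assumed optional table of trusted static mappings.

```python
"""Flag ARP replies whose sender MAC contradicts an earlier claim for the same IP."""

# Constructed sample of ARP replies observed on one segment:
# (sender IP, sender MAC, target IP). Addresses are documentation ranges, not real hosts.
SAMPLE_ARP_REPLIES = [
    ("192.0.2.1", "00:00:5e:00:53:01", "192.0.2.50"),   # gateway answers host .50
    ("192.0.2.50", "00:00:5e:00:53:50", "192.0.2.1"),   # host .50 answers gateway
    ("192.0.2.1", "00:00:5e:00:53:01", "192.0.2.51"),   # gateway answers host .51
    ("192.0.2.1", "00:00:5E:00:53:AA", "192.0.2.50"),   # gateway IP, different MAC: conflict
    ("192.0.2.1", "00:00:5e:00:53:aa", "192.0.2.51"),   # same forged claim aimed at .51
]


def detect_arp_conflicts(replies, known=None):
    """Return one alert per reply whose sender MAC differs from the MAC first seen
    (or statically configured in `known`) for that sender IP.

    The first observed mapping is kept as the baseline and is not overwritten by a
    conflicting reply, so every later forged reply is reported, not just the first.
    """
    table = {ip: mac.lower() for ip, mac in (known or {}).items()}
    alerts = []
    for ip, mac, target in replies:
        mac = mac.lower()                      # normalise case before comparing
        baseline = table.get(ip)
        if baseline is None:
            table[ip] = mac                    # first claim for this IP becomes the baseline
        elif baseline != mac:
            alerts.append({"ip": ip, "baseline_mac": baseline,
                           "claimed_mac": mac, "target": target})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(f"ARP conflict: {alert['ip']} claimed by {alert['claimed_mac']} "
              f"(baseline {alert['baseline_mac']}), reply sent to {alert['target']}")
```

Seeding `known` with the gateway's real MAC from a static ARP table is what makes the check reliable on a segment where the attacker's reply might be the first one captured.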

Bandwidth Control

Tomasz Chmielewski's Bandwidth-Limiting-HOWTO [13] is a clear reference document for CBQ (Class Based Queueing). CBQ lets you allocate bandwidth to particular network services. To learn more about CBQ, read the HOWTO linked above.

References

  1. Christopher R. Russel. "Penetration Testing with dsniff". http://www.ouah.org/dsniffintr.htm.

Wikimedia Foundation. 2010.
