DSNIFF

Section: Maintenance Commands (8)
Index Return to Main Contents

NAME

dsniff - password sniffer

SYNOPSIS

dsniff [-c] [-d] [-n] [-i interface] [-s snaplen] [-f services] [-r|-w savefile]

DESCRIPTION

dsniff is a password sniffer which handles FTP, Telnet, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, NFS, YP, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, and Oracle SQL*Net protocols.

dsniff minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. Full TCP/IP reassembly is provided by libnids(3).

I wrote dsniff with honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols. Please do not abuse this software.

OPTIONS

-c: Perform half-duplex TCP stream reassembly, to handle asymmetrically routed traffic (such as when using arpredirect(8) to intercept client traffic bound for the local gateway).
-d: Enable debugging mode.
-n: Do not resolve IP addresses to hostnames.
-i interface: Specify the interface to listen on.
-s snaplen: Analyze at most the first snaplen bytes of each TCP connection, rather than the default of 1024.
-f services: Load triggers from a services file.
-r savefile: Read sniffed sessions from a savefile created with the -w option.
-w file: Write sniffed sessions to savefile rather than parsing and printing them out.

On a hangup signal dsniff will dump its trigger table to dsniff.services, reload its triggers from the current service file, and reopen the current savefile.

FILES

dsniff.services trigger file written on SIGHUP

AUTHOR

Dug Song <dugsong@monkey.org>

This document was created by man2html, using the manual pages.
Time: 15:31:18 GMT, August 29, 2024