dsniff

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

The name dSniff refers both to the package of such tools and one eponymous tool ("dSniff") included within.

dsniff

License Freely distributable Developer Dug Song Website monkey.org~dugsong/dsniff Requirements Berkeley DB OpenSSL libpcap libnet libnids Support: FAQ, Mailing List Selected Reviews:

Features include:

• arpspoof - redirect packets from a target host (or all hosts) on the LAN intended for another local host by forging ARP replies
• dnsspoof - forge replies to arbitrary DNS address / pointer queries on the LAN
• dsniff - password sniffer. handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP, MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL auth info
• filesnarf - saves selected files sniffed from NFS traffic in the current working directory
• macof - flood the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing)
• mailsnarf - a fast and easy way to violate the Electronic Communications Privacy Act of 1986
• msgsnarf - record selected messages from sniffed AOL Instant Messenger, ICQ 2000, IRC, and Yahoo! Messenger chat sessions
• sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic redirected by dnsspoof, capturing SSH password logins, and optionally hijacking interactive sessions
• tcpkill - kills specified in-progress TCP connections
• tcpnice - slow down specified TCP connections via "active" traffic shaping
• urlsnarf - output selected URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers)
• webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies and sniffs web traffic redirected by dnsspoof, capturing most "secure" SSL-encrypted webmail logins and form submissions
• webspy - sends URLs sniffed from a client to your local browser for display

Last Updated Sunday, May 04 2008 @ 07:41 AM EDT