DSNIFF(8)                   System Manager's Manual                  DSNIFF(8)

NAME

       dsniff - password sniffer

SYNOPSIS

       dsniff [-c] [-d] [-m] [-n] [-i interface | -p pcapfile] [-s snaplen]
       [-f services] [-t trigger[,...]] [-r|-w savefile] [expression]

DESCRIPTION

       dsniff is a password sniffer which handles FTP, Telnet, SMTP, HTTP,
       POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP,
       NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL,
       Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft
       SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

       dsniff automatically detects and minimally parses each application
       protocol, only saving the interesting bits, and uses Berkeley DB as its
       output file format, only logging unique authentication attempts. Full
       TCP/IP reassembly is provided by libnids(3).

       I wrote dsniff with honest intentions - to audit my own network, and to
       demonstrate the insecurity of cleartext network protocols. Please do
       not abuse this software.

OPTIONS

       -c     Perform half-duplex TCP stream reassembly, to handle
              asymmetrically routed traffic (such as when using arpspoof(8)
              to intercept client traffic bound for the local gateway).

       -d     Enable debugging mode.

       -m     Enable automatic protocol detection.

       -n     Do not resolve IP addresses to hostnames.

       -i interface
              Specify the interface to listen on.

       -p pcapfile
              Rather than processing the contents of packets observed upon the
              network, process the given PCAP capture file.

       -s snaplen
              Analyze at most the first snaplen bytes of each TCP connection,
              rather than the default of 1024.

       -f services
              Load triggers from a services file.

       -t trigger[,...]
              Load triggers from a comma-separated list, specified as
              port/proto=service (e.g. 80/tcp=http).

       -r savefile
              Read sniffed sessions from a savefile created with the -w
              option.

       -w savefile
              Write sniffed sessions to savefile rather than parsing and
              printing them out.

       expression
              Specify a tcpdump(8) filter expression to select traffic to
              sniff.

       On a hangup signal dsniff will dump its current trigger table to
       dsniff.services.
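The port/proto=service trigger syntax described under -t can also drive a defensive audit. The following is an added example, not part of dsniff or of this manual page: it parses a trigger list and reports which listening sockets on a host fall under it, i.e. which services are candidates for migration to an encrypted protocol. The trigger list, the service names in it, the inventory and the function names are constructed for illustration.

```python
import re

# Constructed trigger list in the -t syntax from this page (port/proto=service).
TRIGGERS = "21/tcp=ftp,23/tcp=telnet,80/tcp=http,110/tcp=pop,143/tcp=imap,161/udp=snmp"

# Constructed inventory of listening sockets on the host being audited.
LISTENING = [(22, "tcp"), (23, "tcp"), (80, "tcp"), (443, "tcp"), (161, "udp")]

_TRIGGER_RE = re.compile(r"(\d{1,5})/([a-z]+)=([A-Za-z0-9_.-]+)")


def parse_triggers(spec):
    """Parse 'port/proto=service[,...]' into {(port, proto): service}."""
    table = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma
        m = _TRIGGER_RE.fullmatch(item)
        if m is None:
            raise ValueError(f"malformed trigger: {item!r}")
        port, proto, service = int(m.group(1)), m.group(2), m.group(3)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        if table.get((port, proto), service) != service:
            raise ValueError(f"conflicting trigger for {port}/{proto}")
        table[(port, proto)] = service
    return table


def cleartext_exposure(listening, triggers):
    """Return sorted (port, proto, service) for listeners that match a trigger."""
    return sorted(
        (port, proto, triggers[(port, proto)])
        for port, proto in listening
        if (port, proto) in triggers
    )


if __name__ == "__main__":
    for port, proto, service in cleartext_exposure(LISTENING, parse_triggers(TRIGGERS)):
        print(f"{port}/{proto} ({service}): credentials cross the wire in cleartext")
```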

FILES

       /etc/dsniff/dsniff.services
              Default trigger table

       /etc/dsniff/dsniff.magic
              Network protocol magic

SEE ALSO

       arpspoof(8), libnids(3), services(5), magic(5)

AUTHOR

       Dug Song <dugsong@monkey.org>

BUGS

       dsniff's automatic protocol detection feature is based on the classic
       file(1) command by Ian Darwin, and shares its historical limitations
       and bugs.

                                                                     DSNIFF(8)