RE: Dsniff usage

["Dieter Sarrazyn" <dsr () ascure com>]

Just remember that dsniff is one-way arp spoofing ... and can have funny
results in windows environments ... 

> -----Original Message-----
> From: John [mailto:naverxp () yahoo com sg] 
> Sent: vrijdag 8 juli 2005 19:00
> To: Ron
> Cc: dissolved; security-basics () securityfocus com
> Subject: Re: Dsniff usage
>
> Hi all
>
> Pardon me for correcting your mistake.
> 1) Set your card to promiscuous mode. (passive-mode)
> 2) Dsniff comes with arp poisoning i think.
>
> :)
>
>
> Ron wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Dsniff will (by default) try to set the NIC to permicuous 
> mode, and it 
> > functions like a regular sniffer.
> >
> > So:
> > 1) You need an administrator account to sniff traffic and set 
> > permicuous mode
> > 2) It can sniff any traffic that ends up at your network 
> card.  So if 
> > you're on a hub, you see everything plugged into it, and on a switch 
> > you just see your own traffic, or any traffic routed through 
> you.  It 
> > doesn't use ARP poisoning, you would have to do that yourself (with 
> > ettercap or nemesis or something).
> >
> > Hope that helps,
> > - -Ron
> >
> > dissolved wrote:
> >  
> >
> > > Can DSNIFF's utilities (ie:  urlsnarf)  work in a LAN, 
> regardless of 
> > > the permissions you have on the target PC correct?  Does it 
> employ arp 
> > > poisoning to accomplish this?
> > >
> > > Any tips for usage?  I've heard it's not as stable on the 
> win32 platform.
> > > Thanks
> > >
> > >
> > >
> > >
> > >    
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.9.15 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iD8DBQFCy+AnfqSf2EkP4p4RAk0dAJ9TIw3RdLy3a0cRGEmg1bhxIlJrHwCfYVZ2
> > T8PmZg/5qKghm0BtfoEmMJw=
> > =lmrD
> > -----END PGP SIGNATURE-----
> >
> >
> >  
> Send instant messages to your online friends 
> http://asia.messenger.yahoo.com