Security Basics mailing list archives

Re: Dsniff usage

From: Ron <iago () valhallalegends com>
Date: Wed, 06 Jul 2005 08:44:07 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dsniff will (by default) try to set the NIC to permicuous mode, and it
functions like a regular sniffer.

So:
1) You need an administrator account to sniff traffic and set permicuous
mode
2) It can sniff any traffic that ends up at your network card.  So if
you're on a hub, you see everything plugged into it, and on a switch you
just see your own traffic, or any traffic routed through you.  It
doesn't use ARP poisoning, you would have to do that yourself (with
ettercap or nemesis or something).

Hope that helps,
- -Ron

dissolved wrote:

Can DSNIFF's utilities (ie:  urlsnarf)  work in a LAN, regardless of the
permissions you have on the target PC correct?  Does it employ arp poisoning
to accomplish this? 

Any tips for usage?  I've heard it's not as stable on the win32 platform.
Thanks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCy+AnfqSf2EkP4p4RAk0dAJ9TIw3RdLy3a0cRGEmg1bhxIlJrHwCfYVZ2
T8PmZg/5qKghm0BtfoEmMJw=
=lmrD
-----END PGP SIGNATURE-----

Current thread:

Re: Source port scanning w/nmap? Gonzalo Martinez (Jul 04)
- <Possible follow-ups>
- Re: Source port scanning w/nmap? matt (Jul 04)
- Re: Source port scanning w/nmap? Johannes Schneider (Jul 05)
  - RE: Source port scanning w/nmap? dissolved (Jul 05)
    - Re: Source port scanning w/nmap? ChayoteMu (Jul 06)
    - Re: Source port scanning w/nmap? Jonathan Glass (Jul 06)
    - RE: Source port scanning w/nmap? David Gillett (Jul 06)
  - Dsniff usage dissolved (Jul 05)
    - Re: Dsniff usage Ron (Jul 06)
    - Re: Dsniff usage Geert VAN ACKER (Jul 11)
    - Re: Dsniff usage Ron (Jul 13)
    - Re: Dsniff usage John (Jul 11)
- RE: Source port scanning w/nmap? Rochford, Paul (Jul 05)
- RE: Source port scanning w/nmap? Rochford, Paul (Jul 06)