Security Basics mailing list archives
Re: Dsniff usage
From: Geert VAN ACKER <geert.vanacker () pandora be>
Date: Thu, 07 Jul 2005 11:03:52 +0200
Ron wrote:
Dsniff will (by default) try to set the NIC to permicuous mode, and it functions like a regular sniffer. So: 1) You need an administrator account to sniff traffic and set permicuous mode 2) It can sniff any traffic that ends up at your network card. So if you're on a hub, you see everything plugged into it, and on a switch you just see your own traffic, or any traffic routed through you. It doesn't use ARP poisoning, you would have to do that yourself (with ettercap or nemesis or something).
Dsniff in fact is a suite of networktools. One of them, arpspoof(8) can do arp poisoning. Don't forget to switch on kernel ip forwarding, or the communication dies at your nic. arpspoof -t host_you_want_to_observer default_gateway -- Geert VAN ACKER
Current thread:
- Re: Source port scanning w/nmap? Gonzalo Martinez (Jul 04)
- <Possible follow-ups>
- Re: Source port scanning w/nmap? matt (Jul 04)
- Re: Source port scanning w/nmap? Johannes Schneider (Jul 05)
- RE: Source port scanning w/nmap? dissolved (Jul 05)
- Re: Source port scanning w/nmap? ChayoteMu (Jul 06)
- Re: Source port scanning w/nmap? Jonathan Glass (Jul 06)
- RE: Source port scanning w/nmap? David Gillett (Jul 06)
- Dsniff usage dissolved (Jul 05)
- Re: Dsniff usage Ron (Jul 06)
- Re: Dsniff usage Geert VAN ACKER (Jul 11)
- Re: Dsniff usage Ron (Jul 13)
- Re: Dsniff usage John (Jul 11)
- RE: Source port scanning w/nmap? dissolved (Jul 05)