Security Basics mailing list archives

Re: Dsniff usage

From: Geert VAN ACKER <geert.vanacker () pandora be>
Date: Thu, 07 Jul 2005 11:03:52 +0200

Ron wrote:

Dsniff will (by default) try to set the NIC to permicuous mode, and it
functions like a regular sniffer.

So:
1) You need an administrator account to sniff traffic and set permicuous
mode
2) It can sniff any traffic that ends up at your network card.  So if
you're on a hub, you see everything plugged into it, and on a switch you
just see your own traffic, or any traffic routed through you.  It
doesn't use ARP poisoning, you would have to do that yourself (with
ettercap or nemesis or something).


Dsniff in fact is a suite of networktools. One of them, arpspoof(8) can
do arp poisoning. Don't forget to switch on kernel ip forwarding, or the
communication dies at your nic.

arpspoof -t host_you_want_to_observer default_gateway

-- 
Geert VAN ACKER

Current thread:

Re: Source port scanning w/nmap? Gonzalo Martinez (Jul 04)
- <Possible follow-ups>
- Re: Source port scanning w/nmap? matt (Jul 04)
- Re: Source port scanning w/nmap? Johannes Schneider (Jul 05)
  - RE: Source port scanning w/nmap? dissolved (Jul 05)
    - Re: Source port scanning w/nmap? ChayoteMu (Jul 06)
    - Re: Source port scanning w/nmap? Jonathan Glass (Jul 06)
    - RE: Source port scanning w/nmap? David Gillett (Jul 06)
  - Dsniff usage dissolved (Jul 05)
    - Re: Dsniff usage Ron (Jul 06)
    - Re: Dsniff usage Geert VAN ACKER (Jul 11)
    - Re: Dsniff usage Ron (Jul 13)
    - Re: Dsniff usage John (Jul 11)
- RE: Source port scanning w/nmap? Rochford, Paul (Jul 05)
- RE: Source port scanning w/nmap? Rochford, Paul (Jul 06)