Security Basics mailing list archives
Re: Dsniff not sniffing properly
From: Hari Sekhon <hpsekhon () googlemail com>
Date: Mon, 16 Apr 2007 17:58:06 +0100
Yes, I am aware of all this; the question is not how to do man-in-the-middle attacks but rather if anyone can think of a reason why dsniff isn't picking up the traffic going out of the interface. I only have 1 network card in this workstation so it must be going across the same interface, but nothing is showing.
-h
Hari Sekhon

Zhihao wrote:

If you can sniff from a local machine without entering promiscuous mode it means u r sniffing on the interface all traffic is entering and leaving, hence u will have no problems sniffing at all (local machine).

If you are trying to sniff in a switched environment, ettercap is probably a better choice. It will allow u to poison the arp caches and execute a man-in-the-middle attack, capturing all traffic flowing through.

Alternatively...u might wanna consider using a tool like macof. It comes with the dsniff package. Basically by using macof, u will flood the switch with arp replies, putting the switch into fail-open mode. It will then send traffic to every port, including the port where the sniffing interface is connected to, enabling u to sniff the passwords as well.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hari Sekhon
Sent: Saturday, 14 April, 2007 12:09 AM
To: security-basics () securityfocus com
Subject: Dsniff not sniffing properly

Hi,

I have dsniff on 2 linux laptops, one Debian, one Gentoo and it works fine, if I run it on the local machine and then from the same machine log in to a remote ftp server on my local network as a test it sniffs the authentication pair and displays it.

However, I have it on another workstation (Gentoo Linux) and if I run dsniff as root, it starts sniffing on eth0, my only network interface and the one I am connected to my lan through. I then log in to the same ftp server again and it remains blank.

# dsniff
dsniff: listening on eth0
<lots of nothing here>

Even after I log out of the ftp server there is still nothing (upon logout is when it usually displays the creds to me)

So the question is, what is wrong with dsniff on my workstation? lspci says I have the following network card:

04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5754 Gigabit Ethernet PCI Express (rev 02)

Is the network card somehow crippled to prevent this? (In which case there should be mass boycott of this card)

It doesn't even need to be in promiscuous mode in order to sniff from the local machine. Why is it not working?