Penetration Testing mailing list archives
RE: Dsniff'ng wireless networks
From: "Matthew Jach" <jach () berbee com>
Date: Tue, 10 Jul 2001 11:50:25 -0500
Ok - so this is a little off topic but I just thought I'd throw it out there. It's an old discussion we've had before regarding using dsniff on saved pcap files...

<snip>

Well, it was much easier than I thought. Sometimes it is useful to be able to apply the lovely methods available in dsniff to a saved pcap file. Since dsniff uses libnids for all its sniffing needs, and libnids uses libpcap, building dsniff with a slightly altered libnids will allow dsniff to specify a file instead of an interface. The diff in libnids is simply:

src/libnids.c: < if ((desc = pcap_open_live(device, 16384, nids_params.promisc!=0, 1024, nids_errbuf)) == NULL) ---
if ((desc = pcap_open_offline(device, nids_errbuf)) == NULL)
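Review bot: the swap from pcap_open_live to pcap_open_offline in src/libnids.c is unconditional, so a libnids built this way can no longer capture from a live interface, and every program linked against it will treat its device string as a file path. Keep both calls and select between them, preferably through a separate capture-file parameter rather than by overloading device, so that tools that pass an interface name keep working. The snapshot length, promiscuous flag and timeout passed to the old call have no counterpart in the new one, which deserves a comment at the call site.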
Then relink dsniff to this modified libnids. There are cooler ways to solve this, including having libnids check for whether device is a filename or interface, which I will do shortly.

So now, the -i argument is treated as a file. As an example, here from a log box:

dsniff.file -n -i /log1/log010403.1013
dsniff.file: listening on /log1/log010403.1013
04/03/01 10:59:53 udp 192.168.0.1.49156 -> x.x.x.x.161 (snmp)
[version 1]
(obscured)

04/03/01 11:00:22 tcp 192.168.0.1.1280 -> x.x.x.x.80 (http)
GET /foo/ HTTP/1.0
Host: foo.bar.net
(obscured)

Makes a real nice harvesting program should you have pcap files lying around.

<snip - eol>

--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
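The message above mentions having the library decide whether the device string is a filename or an interface. The following is an added example of one way to make that decision; it is not code from the original post or from libnids, and the names classify_capture_source and enum capture_source are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Which libpcap opener a capture string should be routed to. */
enum capture_source { SOURCE_LIVE_INTERFACE, SOURCE_SAVEFILE };

/*
 * Hypothetical helper (not a libnids or libpcap function).
 * SOURCE_SAVEFILE       -> caller would use pcap_open_offline(device, errbuf)
 * SOURCE_LIVE_INTERFACE -> caller would use pcap_open_live(device, ...)
 *
 * Caveat: a file in the working directory that happens to be named like
 * an interface (for example "eth0") is classified as a savefile, which
 * is why an explicit, separate file parameter is the less surprising design.
 */
enum capture_source classify_capture_source(const char *device)
{
    struct stat st;

    if (device == NULL || *device == '\0')
        return SOURCE_LIVE_INTERFACE;  /* caller picks a default interface */
    if (strcmp(device, "-") == 0)
        return SOURCE_SAVEFILE;        /* pcap_open_offline() reads stdin for "-" */
    if (stat(device, &st) != 0)
        return SOURCE_LIVE_INTERFACE;  /* no such path: assume an interface name */
    if (S_ISREG(st.st_mode) || S_ISFIFO(st.st_mode))
        return SOURCE_SAVEFILE;        /* saved capture or a pipe feeding one */
    return SOURCE_LIVE_INTERFACE;      /* directories, device nodes, sockets */
}

/* Stand-alone use: print the decision for each argument. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i],
               classify_capture_source(argv[i]) == SOURCE_SAVEFILE
                   ? "savefile (pcap_open_offline)"
                   : "interface (pcap_open_live)");
    return 0;
}
```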