dsniff(8) [debian man page]

DSNIFF(8)						      System Manager's Manual							 DSNIFF(8)

NAME
       dsniff - password sniffer

SYNOPSIS
       dsniff [-c] [-d] [-m] [-n] [-i interface | -p pcapfile] [-s snaplen] [-f services] [-t trigger[,...]] [-r|-w savefile] [expression]

DESCRIPTION
       dsniff is a password sniffer which handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

       dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. Full TCP/IP reassembly is provided by libnids(3).

       I wrote dsniff with honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols. Please do not abuse this software.

OPTIONS
       -c     Perform half-duplex TCP stream reassembly, to handle asymmetrically routed traffic (such as when using arpspoof(8) to intercept client traffic bound for the local gateway).

       -d     Enable debugging mode.

       -m     Enable automatic protocol detection.

       -n     Do not resolve IP addresses to hostnames.

       -i interface
              Specify the interface to listen on.

       -p pcapfile
              Rather than processing the contents of packets observed upon the network, process the given PCAP capture file.

       -s snaplen
              Analyze at most the first snaplen bytes of each TCP connection, rather than the default of 1024.

       -f services
              Load triggers from a services file.

       -t trigger[,...]
              Load triggers from a comma-separated list, specified as port/proto=service (e.g. 80/tcp=http).

       -r savefile
              Read sniffed sessions from a savefile created with the -w option.

       -w savefile
              Write sniffed sessions to savefile rather than parsing and printing them out.

       expression
              Specify a tcpdump(8) filter expression to select traffic to sniff.

       On a hangup signal dsniff will dump its current trigger table to dsniff.services.

FILES
       /usr/share/dsniff/dsniff.services
              Default trigger table

       /usr/share/dsniff/dsniff.magic
              Network protocol magic

SEE ALSO
       arpspoof(8), libnids(3), services(5), magic(5)

AUTHOR
       Dug Song <dugsong@monkey.org>

BUGS
       dsniff's automatic protocol detection feature is based on the classic file(1) command by Ian Darwin, and shares its historical limitations and bugs.

                                                                                                                               DSNIFF(8)
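The -t trigger syntax from OPTIONS (port/proto=service) doubles as a checklist of cleartext services to retire. The following is an added example, not part of the dsniff man page or its source: it validates such a list and matches it against an inventory of your own listening sockets. The function names, sample hosts, and every sample trigger except 80/tcp=http are constructed for illustration.

```python
import re

# Trigger syntax from the OPTIONS section: port/proto=service, comma-separated.
_TRIGGER_RE = re.compile(r"^(\d{1,5})/(tcp|udp)=([A-Za-z0-9_.*-]+)$")


def parse_triggers(spec):
    """Parse a '-t'-style list into {(port, proto): service}; ValueError if invalid."""
    table = {}
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma
        m = _TRIGGER_RE.match(entry)
        if m is None:
            raise ValueError(f"malformed trigger: {entry!r}")
        port, proto, service = int(m.group(1)), m.group(2), m.group(3)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {entry!r}")
        key = (port, proto)
        # The same port/proto must not be claimed by two different services.
        if table.get(key, service) != service:
            raise ValueError(f"conflicting services for {port}/{proto}")
        table[key] = service
    return table


def cleartext_exposure(triggers, listeners):
    """Return sorted (host, port, proto, service) for listeners matching a trigger."""
    return sorted(
        (host, port, proto, triggers[(port, proto)])
        for host, port, proto in listeners
        if (port, proto) in triggers
    )


# Constructed sample data; only 80/tcp=http appears in the man page itself.
SAMPLE_TRIGGERS = "21/tcp=ftp,23/tcp=telnet,80/tcp=http,110/tcp=pop,161/udp=snmp"
SAMPLE_LISTENERS = [  # (host, port, proto) taken from your own asset inventory
    ("10.0.0.5", 22, "tcp"), ("10.0.0.5", 23, "tcp"),
    ("10.0.0.9", 161, "udp"), ("10.0.0.9", 443, "tcp"),
]

if __name__ == "__main__":
    table = parse_triggers(SAMPLE_TRIGGERS)
    for hit in cleartext_exposure(table, SAMPLE_LISTENERS):
        print("%s %d/%s runs cleartext service %s" % hit)
```

Each reported listener is a candidate for migration to an encrypted equivalent or for removal.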

Check Out this Related Man Page

IPGRAB(8)						      System Manager's Manual							 IPGRAB(8)

NAME
       ipgrab - A Verbose Packet Sniffer

SYNOPSIS
       ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]

DESCRIPTION
       ipgrab reads and parses packets from the link layer through the application layer, dumping explicit header information along the way. It is a lot like tcpdump except that it prints almost every header field.

   Options
       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to a file.

       -c cnt, --count cnt
              Terminate after receiving cnt packets.

       -C proto, --CCP proto
              Assume a particular CCP protocol, such as MPPC. MPPC is the only one supported as yet.

       -d     Dump extra padding in packets. For example, according to an IP header, the packet ends at a certain point, but the link layer may have padded it beyond that. This option displays the padding. Not valid in minimal mode.

       -h, --help
              Display usage screen with a brief description of the command line options.

       -i if, --interface if
              Makes ipgrab listen to packets on interface if, e.g., eth0. If this option is not used, the default interface will be assumed.

       -l     Don't display link-layer headers. The following protocols are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC, Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal mode output. When operating in this mode, ipgrab displays only brief header information.

       -n     Don't display network-layer headers. The following protocols are considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP, IP, IPv6, IPX, IPXRIP.

       -P string
              Initiate a dynamic port mapping. This option must be followed by a string of the form `<protocol>=<port>', such as `http=8080'.

       -p     Dump packet payloads beyond what IPgrab parses. In other words, if IPgrab does not parse a particular application, this option will dump application data in hex and text format.

       -r FILE
              Read packets from a file, rather than an interface. The file should be created in "raw" format, such as with the '-w' option.

       -T     Do not display timestamps in minimal mode.

       -t     Don't display transport layer headers. The following protocols are considered to be transport layer: SPX, TCP, UDP.

       -v, --version
              Display version number and then quit.

       -w FILE
              Write the raw packets to a file, rather than the screen. The packets will not be parsed. The file can be read with the '-r' option.

       -x     Hex dump mode. After processing each layer, dump out the contents of that layer in hex and text. Only valid in main mode.

       expr   Berkeley packet filter expression. See tcpdump(8) man page for details and examples.

SEE ALSO
       tcpdump(8)

NOTES
       Requires libpcap version 0.3 or greater to be installed.

AUTHOR
       Michael S. Borella http://www.borella.net/mike/ mike@borella.net

                                                             07 March 2007                                                     IPGRAB(8)