
dsniff(8) [debian man page]

DSNIFF(8)						      System Manager's Manual							 DSNIFF(8)

NAME
       dsniff - password sniffer

SYNOPSIS
       dsniff [-c] [-d] [-m] [-n] [-i interface | -p pcapfile] [-s snaplen]
              [-f services] [-t trigger[,...]] [-r|-w savefile] [expression]

DESCRIPTION
       dsniff is a password sniffer which handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

       dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. Full TCP/IP reassembly is provided by libnids(3).

       I wrote dsniff with honest intentions - to audit my own network, and to demonstrate the insecurity of cleartext network protocols. Please do not abuse this software.

OPTIONS
       -c     Perform half-duplex TCP stream reassembly, to handle asymmetrically routed traffic (such as when using arpspoof(8) to intercept client traffic bound for the local gateway).

       -d     Enable debugging mode.

       -m     Enable automatic protocol detection.

       -n     Do not resolve IP addresses to hostnames.

       -i interface
              Specify the interface to listen on.

       -p pcapfile
              Rather than processing the contents of packets observed upon the network, process the given PCAP capture file.

       -s snaplen
              Analyze at most the first snaplen bytes of each TCP connection, rather than the default of 1024.

       -f services
              Load triggers from a services file.

       -t trigger[,...]
              Load triggers from a comma-separated list, specified as port/proto=service (e.g. 80/tcp=http).

       -r savefile
              Read sniffed sessions from a savefile created with the -w option.

       -w savefile
              Write sniffed sessions to savefile rather than parsing and printing them out.

       expression
              Specify a tcpdump(8) filter expression to select traffic to sniff.

       On a hangup signal dsniff will dump its current trigger table to dsniff.services.

FILES
       /usr/share/dsniff/dsniff.services
              Default trigger table

       /usr/share/dsniff/dsniff.magic
              Network protocol magic

SEE ALSO
       arpspoof(8), libnids(3), services(5), magic(5)

AUTHOR
       Dug Song <dugsong@monkey.org>

BUGS
       dsniff's automatic protocol detection feature is based on the classic file(1) command by Ian Darwin, and shares its historical limitations and bugs.

DSNIFF(8)


SERVICES(5)                                                  Linux Programmer's Manual                                                 SERVICES(5)

NAME
       services - Internet network services list

DESCRIPTION
       services is a plain ASCII file providing a mapping between human-friendly textual names for internet services, and their underlying assigned port numbers and protocol types. Every networking program should look into this file to get the port number (and protocol) for its service. The C library routines getservent(3), getservbyname(3), getservbyport(3), setservent(3), and endservent(3) support querying this file from programs.

       Port numbers are assigned by the IANA (Internet Assigned Numbers Authority), and their current policy is to assign both TCP and UDP protocols when assigning a port number. Therefore, most entries will have two entries, even for TCP-only services.

       Port numbers below 1024 (so-called "low numbered" ports) can be bound to only by root (see bind(2), tcp(7), and udp(7)). This is so clients connecting to low numbered ports can trust that the service running on the port is the standard implementation, and not a rogue service run by a user of the machine. Well-known port numbers specified by the IANA are normally located in this root-only space.

       The presence of an entry for a service in the services file does not necessarily mean that the service is currently running on the machine. See inetd.conf(5) for the configuration of Internet services offered. Note that not all networking services are started by inetd(8), and so won't appear in inetd.conf(5). In particular, news (NNTP) and mail (SMTP) servers are often initialized from the system boot scripts.

       The location of the services file is defined by _PATH_SERVICES in <netdb.h>. This is usually set to /etc/services.

       Each line describes one service, and is of the form:

              service-name   port/protocol   [aliases ...]

       where:

       service-name
              is the friendly name the service is known by and looked up under. It is case sensitive. Often, the client program is named after the service-name.

       port   is the port number (in decimal) to use for this service.

       protocol
              is the type of protocol to be used. This field should match an entry in the protocols(5) file. Typical values include tcp and udp.

       aliases
              is an optional space or tab separated list of other names for this service. Again, the names are case sensitive.

       Either spaces or tabs may be used to separate the fields.

       Comments are started by the hash sign (#) and continue until the end of the line. Blank lines are skipped.

       The service-name should begin in the first column of the file, since leading spaces are not stripped. service-names can be any printable characters excluding space and tab. However, a conservative choice of characters should be used to minimize compatibility problems. For example, a-z, 0-9, and hyphen (-) would seem a sensible choice.

       Lines not matching this format should not be present in the file. (Currently, they are silently skipped by getservent(3), getservbyname(3), and getservbyport(3). However, this behavior should not be relied on.)

       This file might be distributed over a network using a network-wide naming service like Yellow Pages/NIS or BIND/Hesiod.

       A sample services file might look like this:

              netstat         15/tcp
              qotd            17/tcp          quote
              msp             18/tcp          # message send protocol
              msp             18/udp          # message send protocol
              chargen         19/tcp          ttytst source
              chargen         19/udp          ttytst source
              ftp             21/tcp
              # 22 - unassigned
              telnet          23/tcp

FILES
       /etc/services
              The Internet network services list

       <netdb.h>
              Definition of _PATH_SERVICES

SEE ALSO
       listen(2), endservent(3), getservbyname(3), getservbyport(3), getservent(3), setservent(3), inetd.conf(5), protocols(5), inetd(8)

       Assigned Numbers RFC, most recently RFC 1700, (AKA STD0002).

COLOPHON
       This page is part of release 4.15 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.

Linux                                                         2010-05-22                                                       SERVICES(5)
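
The line format given under DESCRIPTION in services(5) above, as an added example (not part of the man page or of the C library): a Python checker that parses services-format text and reports every line that does not match the format instead of skipping it silently. The sample text, the names parse_services and lookup, the protocol-token pattern, and the decision to reject lines with leading whitespace are assumptions of this example.

```python
import re

# Constructed sample; lines 7-9 are deliberately malformed.
SAMPLE = """\
netstat         15/tcp
qotd            17/tcp          quote
msp             18/tcp          # message send protocol
chargen         19/udp          ttytst source

# 22 - unassigned
 telnet         23/tcp
ftp             21
big             70000/tcp
"""

# Assumption: protocol tokens use the characters seen in protocols(5) names.
PORT_PROTO = re.compile(r"^(\d+)/([A-Za-z0-9.+-]+)$")

def parse_services(text):
    """Return (entries, rejects); entries are (name, port, proto, aliases)."""
    entries, rejects = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # a comment runs to end of line
        if not line:
            continue                           # blank or comment-only line
        if line[0] in " \t":
            rejects.append((lineno, "service-name must start in column one"))
            continue
        fields = line.split()                  # spaces or tabs separate fields
        m = PORT_PROTO.match(fields[1]) if len(fields) > 1 else None
        if m is None:
            rejects.append((lineno, "expected port/protocol as second field"))
            continue
        port = int(m.group(1))
        if not 0 <= port <= 65535:
            rejects.append((lineno, "port out of range"))
            continue
        entries.append((fields[0], port, m.group(2), fields[2:]))
    return entries, rejects

def lookup(entries, name, proto):
    """Case-sensitive match on the service-name or any of its aliases."""
    for svc, port, p, aliases in entries:
        if p == proto and name in [svc, *aliases]:
            return port
    return None

if __name__ == "__main__":
    print(*parse_services(SAMPLE), sep="\n")
```

Running the checker over a services file before it is distributed (for example through NIS) surfaces the malformed lines that the library routines currently drop without warning.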