Man Linux: Main Page and Category List


       dsniff - password sniffer


       dsniff [-c] [-d] [-m] [-n] [-i interface | -p pcapfile] [-s snaplen]
       [-f services] [-t trigger[,...]]]  [-r|-w savefile] [expression]


       dsniff is a password sniffer which handles  FTP,  Telnet,  SMTP,  HTTP,
       POP,  poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP,
       NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL,
       Meeting  Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft
       SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

       dsniff automatically detects  and  minimally  parses  each  application
       protocol, only saving the interesting bits, and uses Berkeley DB as its
       output file format, only logging unique authentication  attempts.  Full
       TCP/IP reassembly is provided by libnids(3).

       I wrote dsniff with honest intentions - to audit my own network, and to
       demonstrate the insecurity of cleartext network protocols.   Please  do
       not abuse this software.


       -c     Perform   half-duplex   TCP   stream   reassembly,   to   handle
              asymmetrically routed traffic (such as when using arpspoof(8) to
              intercept client traffic bound for the local gateway).

       -d     Enable debugging mode.

       -m     Enable automatic protocol detection.

       -n     Do not resolve IP addresses to hostnames.

       -i interface
              Specify the interface to listen on.

       -p pcapfile
              Rather than processing the contents of packets observed upon the
              network process the given PCAP capture file.

       -s snaplen
              Analyze at most the first snaplen bytes of each TCP  connection,
              rather than the default of 1024.

       -f services
              Load triggers from a services file.

        -t trigger[,...]
              Load   triggers   from  a  comma-separated  list,  specified  as
              port/proto=service (e.g. 80/tcp=http).

       -r savefile
              Read sniffed sessions  from  a  savefile  created  with  the  -w

       -w file
              Write  sniffed  sessions  to  savefile  rather  than parsing and
              printing them out.

              Specify a tcpdump(8) filter  expression  to  select  traffic  to

       On  a  hangup  signal  dsniff  will  dump  its current trigger table to


              Default trigger table

              Network protocol magic


       arpspoof(8), libnids(3), services(5), magic(5)


       Dug Song <>


       dsniff’s automatic protocol detection feature is based on the classic
       file(1) command by Ian Darwin, and shares its historical limitations
       and bugs.