Christopher R. Russel
February 18, 2001
http://www.ouah.org/dsniffintr.htm
| arpspoof | redirects packets on a LAN to defeat the host-isolating behaviour of the switch. |
| dnsspoof | forges replies to DNS queries. |
| dsniff | password sniffer with ability to handle FTP, Telnet, SMTP, HTTP, POP, poppas, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL authentication info. |
| filesnarf | saves files sniffed from NFS traffic. |
| macof | causes LAN switch to fail-open (ie. Act as a hub and broadcast traffic to all hosts). |
| mailsnarf | saves email messages sniffed from SMTP and POP traffic. |
| msgsnarf | saves messages and chat sessions sniffed from most Instant Messenger protocols and IRC. |
| tcpkill | kills specified in-progress TCP connections. |
| tcpnice | slows down specified TCP connections. |
| urlsnarf | reports URLs sniffed from HTTP traffic. |
| webspy | sends sniffed URLs to your local Netscape browser, allowing you to browse in real-time along with the target. |
| sshmitm | proxies and sniffs SSH traffic redirected by dnsspoof, captures password logins and optionally allows hijacking interactive sessions. |
| webmitm | proxies and sniffs HTTP/HTTPS traffic redirected by dnsspoof, capturing SSL-encrypted logins and form submissions. |
Penetration Testing
Attack Preliminaries: Accessing the Target Network Traffic
Attack One: Password Sniffing
Attack Two: Message and File Capture
Attack Three: URL capture
Attack Four: Man-in-the-Middle
Song, Dug. "dsniff Frequently Asked Questions."
http://www.monkey.org/~dugsong/dsniff/faq.html
