The dsniff command is part of an older suite of utilities written by Dug Song (http://monkey.org/~dugsong/dsniff/). Unlike the previously mentioned utilities, dsniff takes packet capture one level further: using the underlying libpcap engine, it takes the captured packets and attempts to report something a little more useful. The dsniff program is one of many utilities in the dsniff package. The standard dsniff command will attempt to capture and replay all unencrypted sessions, including FTP, telnet, SMTP, IMAP, and POP.
Installing dsniff
Prerequisite packages for CentOS/RHEL:
libpcap, libpcap-devel, libnet, libnet-devel, libnids
- # yum install libpcap libpcap-devel libnet libnet-devel libnids
Download the dsniff tarball from http://monkey.org/~dugsong/dsniff/ and build it:
- cd /usr/src
- wget http://monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
- tar zxvf dsniff-2.3.tar.gz
- cd dsniff-2.3
- ./configure && make && make install
The following example demonstrates how to use dsniff to capture an FTP session:
# dsniff -ni eth0
dsniff: listening on eth0
-----------------
07/13/08 14:35:37 tcp 192.168.1.102.3832 -> 192.168.1.60.21 (ftp)
USER darren
PASS darren
The dsniff output provides the protocol, IP address, port, and credentials of
the FTP session.
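A capture like the one above is most useful as audit findings: which server still accepts cleartext logins, and which accounts used it, without copying the passwords into a report. The script below is an added example, not part of dsniff or the original page; it assumes the USER/PASS record layout shown above, and the function names and the second sample record are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the dsniff package.
# Reads dsniff text output on stdin and prints one finding per session:
#   <service> server=<ip>:<port> client=<ip> account=<name> pw_is_username=<yes|no|n/a>
# Passwords are only compared in memory and never written to the report.
summarize_dsniff() {
    awk '
    function emit() {
        if (svc == "") return
        weak = (user == "" || !seen_pass) ? "n/a" : (((pass "") == (user "")) ? "yes" : "no")
        printf "%s server=%s client=%s account=%s pw_is_username=%s\n",
            svc, dst, src, (user == "" ? "unknown" : user), weak
        svc = ""
    }
    # Session header: date time proto src.port -> dst.port (service)
    NF == 7 && $5 == "->" && $7 ~ /^\(.*\)$/ {
        emit()
        user = ""; pass = ""; seen_pass = 0
        svc = substr($7, 2, length($7) - 2)
        src = $4; sub(/\.[0-9]+$/, "", src)          # drop the client port
        dst = $6; match(dst, /\.[0-9]+$/)            # split server ip and port
        dst = substr(dst, 1, RSTART - 1) ":" substr(dst, RSTART + 1)
        next
    }
    svc != "" && toupper($1) == "USER" { user = $2; next }
    svc != "" && toupper($1) == "PASS" { pass = $2; seen_pass = 1; next }
    END { emit() }
    '
}

# Constructed sample: the first record is the one shown above, the second is made up.
sample_capture() {
cat <<'EOF'
-----------------
07/13/08 14:35:37 tcp 192.168.1.102.3832 -> 192.168.1.60.21 (ftp)
USER darren
PASS darren

-----------------
07/13/08 14:41:02 tcp 192.168.1.105.4410 -> 192.168.1.60.21 (ftp)
USER alice
PASS example-not-real
EOF
}

sample_capture | summarize_dsniff
```

Sessions whose body has no USER line are reported as account=unknown, so the server and service still appear in the findings.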
Note: The latest official release on the author’s website is 2.3. The newest release
maintained by the community is 2.4 and is available in many of the “extras”
repositories of popular Linux distributions.