The dsniff command is an older suite of utilities written by Dug Song (http://monkey.org/~dugsong/dsniff/). Unlike the previously mentioned utilities, dsniff takes packet capture one level further. Using the underlying libpcap engine, dsniff takes the packets captured and attempts to report something a little more useful. The dsniff program is one of many utilities in the dsniff package. The standard dsniff command will attempt to capture and replay all unencrypted sessions including: FTP, telnet, SMTP,IMAP, and POP.

Installing dsniff

Prerequisites packages for centos/RHEL

libpcap , libpcap-devel , libnet , libnet-devel , libnids

  • # yum install libpcap libpcap-devel libnet libnet-devel libnids

Download dsniff tar from http://monkey.org/~dugsong/dsniff/

  • cd /usr/src
  • wget http://monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
  • tar zxvf dsniff-2.3.tar.gz
  • cd dsniff-2.3
  • ./configure && make && make install

The following example demonstrates how to use dsniff to an ftp sessions:

# dsniff -ni eth0
dsniff: listening on eth0

07/13/08 14:35:37 tcp -> (ftp)
USER darren
PASS darren

The dsniff output provides the protocol, IP address, port, and credentials of
the FTP session.

Note : The latest official release on the author’s website is 2.3. The newest release
maintained by the community is 2.4 and is available in many of the “extras”
repositories of popular Linux distributions.