Security Basics mailing list archives

Re: Dsniff usage


From: Ron <iago () valhallalegends com>
Date: Wed, 13 Jul 2005 10:47:33 -0500

Geert VAN ACKER wrote:
Ron wrote:

Dsniff will (by default) try to set the NIC to promiscuous mode, and it
functions like a regular sniffer.

So:
1) You need an administrator account to sniff traffic and set promiscuous
mode
2) It can sniff any traffic that ends up at your network card.  So if
you're on a hub, you see everything plugged into it, and on a switch you
just see your own traffic, or any traffic routed through you.  It
doesn't use ARP poisoning, you would have to do that yourself (with
ettercap or nemesis or something).


Dsniff in fact is a suite of network tools. One of them, arpspoof(8), can
do ARP poisoning. Don't forget to switch on kernel IP forwarding, or the
communication dies at your NIC.

arpspoof -t host_you_want_to_observer default_gateway


All right, my mistake.  I used "dsniff" the program, I hadn't realized
that the other tools were individual.

My bad!

-Ron
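
Seen from the defending side, the ARP poisoning discussed in this thread appears in a host's neighbour table as the gateway IP resolving to another machine's MAC address. The following is an added example, not part of the original messages: it parses `ip neigh show` output and flags that pattern. The sample table, the addresses and the pinned gateway MAC are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches one neighbour entry as printed by `ip neigh show` on Linux.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<state>\S+)",
    re.IGNORECASE,
)

# Constructed sample: the gateway (.1) and host .57 resolve to the same MAC.
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 02:00:00:aa:bb:57 REACHABLE
192.168.10.23 dev eth0 lladdr 02:00:00:aa:bb:23 STALE
192.168.10.57 dev eth0 lladdr 02:00:00:aa:bb:57 REACHABLE
192.168.10.80 dev eth0  FAILED
"""

def parse_neigh(text):
    """Return {(dev, ip): mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # entries without lladdr (FAILED/INCOMPLETE) are skipped
            table[(m["dev"], m["ip"])] = m["mac"].lower()
    return table

def find_arp_anomalies(text, gateway_ip, pinned_gateway_mac=None):
    """Flag MACs claimed by several IPs, and a gateway MAC that differs
    from the known-good (pinned) one when a pinned value is supplied."""
    table = parse_neigh(text)
    by_mac = defaultdict(set)
    for (dev, ip), mac in table.items():
        by_mac[(dev, mac)].add(ip)
    findings = []
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", dev, mac, tuple(sorted(ips))))
    if pinned_gateway_mac:
        for (dev, ip), mac in sorted(table.items()):
            if ip == gateway_ip and mac != pinned_gateway_mac.lower():
                findings.append(("gateway_mac_changed", dev, mac, (ip,)))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_NEIGH, "192.168.10.1", "02:00:00:aa:bb:01"):
        print(finding)
```

A shared MAC is a lead rather than proof: hosts with several addresses, proxy ARP and router redundancy setups produce the same pattern, so the pinned-gateway check is the stronger signal.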

