Tuesday, 11 September 2012

dsniff on BackTrack 5



INTRODUCTION
  • dsniff was created by Dug Song.
  • dsniff is a password sniffer which handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.
  • dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts.
Options
-c
Perform half-duplex TCP stream reassembly, to handle asymmetrically routed traffic (such as when using arpspoof to intercept client traffic bound for the local gateway).

-d
Enable debugging mode.
-m
Enable automatic protocol detection.
-n
Do not resolve IP addresses to hostnames.
-i interface
Specify the interface to listen on.
-p pcapfile
Rather than processing the contents of packets observed on the network, process the given PCAP capture file.
-s snaplen
Analyze at most the first snaplen bytes of each TCP connection, rather than the default of 1024.
-f services
Load triggers from a services file.
-t trigger[,...]
Load triggers from a comma-separated list, specified as port/proto=service (e.g. 80/tcp=http).
-r savefile
Read sniffed sessions from a savefile created with the -w option.
-w file
Write sniffed sessions to savefile rather than parsing and printing them out.
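
As an added example (not part of the original post and not dsniff code), the Python script below parses the port/proto=service notation described for -t and flags entries whose protocol appears in dsniff's cleartext-password list above, so a defender can see which services on a segment need an encrypted replacement. The function names, the service labels other than http, the tcp/udp restriction and the suggested replacements are assumptions of this example.

```python
import re

# Cleartext-login protocols taken from the page's list, mapped to an encrypted
# replacement (the replacements are this example's suggestions, not dsniff data).
CLEARTEXT = {
    "ftp": "SFTP or FTPS",
    "telnet": "SSH",
    "rlogin": "SSH",
    "http": "HTTPS",
    "pop": "POP3 over TLS",
    "imap": "IMAP over TLS",
    "snmp": "SNMPv3 with authPriv",
}

# port/proto=service, e.g. 80/tcp=http; only tcp and udp are accepted here (assumption).
TRIGGER_RE = re.compile(r"^(\d{1,5})/(tcp|udp)=([A-Za-z0-9_.-]+)$")


def parse_triggers(spec):
    """Parse 'port/proto=service[,...]' into (port, proto, service) tuples."""
    triggers = []
    for item in (part.strip() for part in spec.split(",")):
        m = TRIGGER_RE.match(item)
        if not m:
            raise ValueError(f"malformed trigger: {item!r}")
        port = int(m.group(1))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        triggers.append((port, m.group(2), m.group(3).lower()))
    return triggers


def audit(spec):
    """Return one finding per entry whose service sends credentials in cleartext."""
    return [
        {"port": port, "proto": proto, "service": svc, "replace_with": CLEARTEXT[svc]}
        for port, proto, svc in parse_triggers(spec)
        if svc in CLEARTEXT
    ]


if __name__ == "__main__":
    # Constructed inventory of services on a lab segment, written in the -t notation.
    inventory = "21/tcp=ftp,23/tcp=telnet,22/tcp=ssh,80/tcp=http,161/udp=snmp"
    for f in audit(inventory):
        print(f"{f['port']}/{f['proto']} {f['service']}: move to {f['replace_with']}")
```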

How to open dsniff
  • To open dsniff, just open Konsole and type the command to start dsniff.
  • To open dsniff from the BackTrack 5 menu, follow the path given below:
  • BackTrack > Privilege Escalation > Protocol Analysis > Network Sniffers > dsniff
How To Use "dsniff"
  • To start dsniff, open Konsole and type the command shown below.
  • Command: dsniff -i eth0
  • Here -i specifies the interface.
  • See the image below for a screenshot view:
dsniff start

Example 1:
dsniff
  • Below you can see the output:
  • An attempt has been made in my network, and using dsniff we can see the output. The image below shows that 192.168.232.170 (Metasploitable) is successfully connected to 192.168.232.172 (XP) on the eth0 interface.
  • See the image below; it shows what the output looks like.
dsniff -i eth0


Example 2:
dsniff ( -m option )
  • dsniff with the -m option is used to 'enable automatic protocol detection'.
  • Command used: dsniff -m -i eth0
  • See the image below for the various attempts detected using dsniff:
dsniff -m -i eth0
 
Example 3:
dsniff (-n option)

  • The -n option tells dsniff not to resolve IP addresses to hostnames.
  • See the image below; it shows two attempts, one a telnet attempt and the other an ftp attempt:
dsniff -n -i eth0
Example 4:
dsniff: Save your results in an output file (using the -w option).
  • To save the results in an output file, use the -w option.
  • Command used: dsniff -n -i eth0 -w <file name>
  • See the image below for more help:
  • You can view your file using the cat command, as shown in the image below:
dsniff : save result in a output file
    THIS IS HOW WE CAN USE DSNIFF TOOL 
    MORE EXAMPLES WILL BE ADDED SOON 
