Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

DSNIFF(8)							     DSNIFF(8)

NAME
       dsniff - password sniffer

SYNOPSIS
       dsniff [-c] [-d] [-m] [-n] [-i interface | -p pcapfile] [-s snaplen]
       [-f services] [-t trigger[,...]]]  [-r|-w savefile] [expression]

DESCRIPTION
       dsniff is a password sniffer which handles  FTP,	 Telnet,  SMTP,	 HTTP,
       POP,  poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP,
       NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL,
       Meeting	Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft
       SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

       dsniff automatically detects and minimally parses each application pro‐
       tocol,  only  saving  the interesting bits, and uses Berkeley DB as its
       output file format, only logging unique authentication  attempts.  Full
       TCP/IP reassembly is provided by libnids(3).

       I wrote dsniff with honest intentions - to audit my own network, and to
       demonstrate the insecurity of cleartext network protocols.   Please  do
       not abuse this software.

OPTIONS
       -c     Perform  half-duplex TCP stream reassembly, to handle asymmetri‐
	      cally routed traffic (such as when using arpspoof(8)  to	inter‐
	      cept client traffic bound for the local gateway).

       -d     Enable debugging mode.

       -m     Enable automatic protocol detection.

       -n     Do not resolve IP addresses to hostnames.

       -i interface
	      Specify the interface to listen on.

       -p pcapfile
	      Rather than processing the contents of packets observed upon the
	      network process the given PCAP capture file.

       -s snaplen
	      Analyze at most the first snaplen bytes of each TCP  connection,
	      rather than the default of 1024.

       -f services
	      Load triggers from a services file.

	-t trigger[,...]
	      Load   triggers	from  a	 comma-separated  list,	 specified  as
	      port/proto=service (e.g. 80/tcp=http).

       -r savefile
	      Read sniffed sessions  from  a  savefile	created	 with  the  -w
	      option.

       -w file
	      Write  sniffed  sessions	to  savefile  rather  than parsing and
	      printing them out.

       expression
	      Specify a tcpdump(8) filter  expression  to  select  traffic  to
	      sniff.

       On  a  hangup  signal  dsniff  will  dump  its current trigger table to
       dsniff.services.

FILES
       /usr/share/dsniff/dsniff.services
	      Default trigger table

       /usr/share/dsniff/dsniff.magic
	      Network protocol magic

SEE ALSO
       arpspoof(8), libnids(3), services(5), magic(5)

AUTHOR
       Dug Song <dugsong@monkey.org>

BUGS
       dsniff's automatic protocol detection feature is based on the classic
       file(1) command by Ian Darwin, and shares its historical limitations
       and bugs.

								     DSNIFF(8)

Vote for polarhome