DSNIFF(8)						DSNIFF(8)


NAME
       dsniff - password sniffer

SYNOPSIS
       dsniff [-c] [-d] [-m] [-n] [-i interface] [-s snaplen] [-f
       services] [-r|-w savefile]

DESCRIPTION
       dsniff is a password sniffer which  handles  FTP,  Telnet,
       HTTP,  POP,  poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP,
       OSPF, NFS, YP, SOCKS, X11, CVS, IRC,  AIM,  ICQ,	 Napster,
       PostgreSQL,    Meeting	Maker,	 Citrix	  ICA,	 Symantec
       pcAnywhere, NAI Sniffer, Microsoft  SMB,	 Oracle	 SQL*Net,
       Sybase and Microsoft SQL protocols.

       dsniff  automatically  detects  and  minimally parses each
       application protocol, only saving  the  interesting  bits,
       and  uses Berkeley DB as its output file format, only log-
       ging unique authentication attempts. Full TCP/IP	 reassem-
       bly is provided by libnids(3).

       I  wrote	 dsniff	 with honest intentions - to audit my own
       network, and to demonstrate the	insecurity  of	cleartext
       network protocols.  Please do not abuse this software.

OPTIONS
       -c     Perform  half-duplex TCP stream reassembly, to han-
	      dle asymmetrically routed	 traffic  (such	 as  when
	      using  arpredirect(8)  to	 intercept client traffic
	      bound for the local gateway).

       -d     Enable debugging mode.

       -n     Do not resolve IP addresses to hostnames.

       -m     Enable automatic protocol detection.

       -i interface
	      Specify the interface to listen on.

       -s snaplen
	      Analyze at most the first snaplen bytes of each TCP
	      connection, rather than the default of 1024.

       -f services
	      Load triggers from a services file.

       -r savefile
	      Read  sniffed sessions from a savefile created with
	      the -w option.

       -w file
	      Write sniffed  sessions  to  savefile  rather  than
	      parsing and printing them out.

       On  a  hangup signal dsniff will dump its trigger table to
       dsniff.services, reload its triggers from the current ser-
       vice file, and reopen the current savefile.

FILES
       /usr/local/lib/dsniff.services
	      Default trigger table

       /usr/local/lib/dsniff.magic
	      Network protocol magic

SEE ALSO
       arpredirect(8), libnids(3), services(5), magic(5)

AUTHOR
       Dug Song <dugsong@monkey.org>

BUGS
       dsniff's automatic protocol detection feature is based on
       the classic file(1) command by Ian Darwin, and shares its
       historical limitations and bugs.




































								2


