dsniff-1.3 ---------- i wrote these tools with honest intentions - to audit my own network, and to demonstrate the insecurity of plaintext network protocols. please do not abuse this software. these programs require: libpcap - ftp://ftp.ee.lbl.gov/ libnet - http://www.packetfactory.net/libnet/ libnids - http://www.packetfactory.net/libnids/ libdb - http://www.sleepycat.com/ (for non-BSD/Linux systems) built and tested on OpenBSD, Linux, and Solaris. YMMV. what's here: arpredirect redirect packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. this is an extremely effective way of sniffing traffic on a switch. kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter :-) must be turned on ahead of time. findgw determine the local gateway of an unknown network via passive sniffing. macof flood the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). a straight C port of the original Perl Net::RawIP macof program. tcpkill kill specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-whs for TCB creation). dsniff simple password sniffer. handles FTP, Telnet, HTTP, POP, IMAP, SNMP, Rlogin, NFS, X11 auth info. goes beyond most sniffers in that it minimally parses each application protocol, only saving the "interesting" bits. uses Berkeley DB as its output file format, logging only unique auth info. supports full TCP/IP reassembly, courtesy of libnids (all of the following tools do, as well). mailsnarf a fast and easy way to violate the Electronic Communications Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs all messages sniffed from SMTP traffic in Berkeley mbox format, suitable for offline browsing with your favorite mail reader (mail -f, pine, etc.). urlsnarf output all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.). webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time (as the target surfs, your browser surfs along with them, automagically). a fun party trick. :-) -d. --- http://www.monkey.org/~dugsong/