
dsniff-1.3
----------

i wrote these tools with honest intentions - to audit my own network,
and to demonstrate the insecurity of plaintext network protocols.
please do not abuse this software.

these programs require:

      libpcap - ftp://ftp.ee.lbl.gov/
      libnet - http://www.packetfactory.net/libnet/
      libnids - http://www.packetfactory.net/libnids/
      libdb - http://www.sleepycat.com/	(for non-BSD/Linux systems)

built and tested on OpenBSD, Linux, and Solaris. YMMV.

what's here:

arpredirect
	redirect packets from a target host (or all hosts) on the LAN
	intended for another host on the LAN by forging ARP replies.
	this is an extremely effective way of sniffing traffic on a
	switch. kernel IP forwarding (or a userland program which
	accomplishes the same, e.g. fragrouter :-) must be turned on
	ahead of time.

findgw
	determine the local gateway of an unknown network via passive
	sniffing.

macof
	flood the local network with random MAC addresses (causing
	some switches to fail open in repeating mode, facilitating
	sniffing). a straight C port of the original Perl Net::RawIP
	macof program.

tcpkill
	kill specified in-progress TCP connections (useful for
	libnids-based applications which require a full TCP 3-whs for
	TCB creation).

dsniff
	simple password sniffer. handles FTP, Telnet, HTTP, POP, IMAP,
	SNMP, Rlogin, NFS, X11 auth info. goes beyond most sniffers in
	that it minimally parses each application protocol, only
	saving the "interesting" bits. uses Berkeley DB as its output
	file format, logging only unique auth info. supports full
	TCP/IP reassembly, courtesy of libnids (all of the following
	tools do, as well).

mailsnarf
	a fast and easy way to violate the Electronic Communications
	Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
	all messages sniffed from SMTP traffic in Berkeley mbox
	format, suitable for offline browsing with your favorite mail
	reader (mail -f, pine, etc.).

urlsnarf
	output all requested URLs sniffed from HTTP traffic in CLF
	(Common Log Format, used by almost all web servers), suitable
	for offline post-processing with your favorite web log
	analysis tool (analog, wwwstat, etc.).

webspy
	sends URLs sniffed from a client to your local Netscape
	browser for display, updated in real-time (as the target
	surfs, your browser surfs along with them, automagically).
	a fun party trick. :-)

-d.

---
http://www.monkey.org/~dugsong/
