dsniff

Sniff passwords on interface

$ sudo dsniff -i [eth0]

$ dsniff -p [capture.pcap]

$ sudo dsniff -i [eth0] -w [output.txt]

$ sudo dsniff -i [eth0] -m

dsniff [options]

dsniff is a password sniffer that captures authentication credentials from network traffic. It handles various protocols including FTP, Telnet, HTTP, SNMP, IMAP, LDAP, and others.
The tool is designed for authorized network auditing and security testing, demonstrating the risks of transmitting credentials over unencrypted protocols.

-i interface

Network interface to sniff.

Read from pcap file.

Write output to file.

Enable automatic protocol detection.

Don't resolve hostnames.

Perform half-duplex TCP stream reassembly.

Enable debugging.

FTP, Telnet, HTTP, POP, IMAP, LDAP, rlogin, RPC, SNMP, NFS, X11, IRC, AIM, CVS, Citrix, Oracle, PostgreSQL, Sybase, Microsoft SQL

Only for authorized security testing. Encrypted protocols (SSH, HTTPS) not captured. Requires root/admin privileges. May violate network policies. Protocol detection not perfect.

dsniff was created by Dug Song around 2000 as part of a suite of network auditing tools. It demonstrated the dangers of cleartext authentication, contributing to the push for encrypted protocols. The dsniff suite includes related tools like arpspoof and macof.

tcpdump(1), wireshark(1), arpspoof(1), ettercap(1)