Network auditing with dsniff 2.3

To audit network traffic, you need a program such as a sniffer to listen to your traffic and analyze the results. If you've ever used a network monitor such as Windows' or Solaris', then you are familiar with sniffers. Commercial sniffers gather statistics and can work with various thresholds and defined events. One collection of tools that has been around for a few years is dsniff 2.3.

This is actually a set of tools that not only audit but also test for network penetration. These programs can run on OpenBSD (x86), Red Hat Linux (x86), and Solaris (SPARC). It's been reported that users have been able to run these programs on FreeBSD, Debian Linux, Slackware Linux, AIX, and HP-UX. A version of dsniff has also been ported to Windows and Mac OS X.

The dsniff ensemble includes the following tools: dsniff, filesnarf, dnsspoof, and macof, all of which intercept traffic that is protected from outsiders. Other programs in the package, such as sshmitm and webmitm, protect against what are referred to as "active monkey in the middle" attacks. In these sorts of attacks, SSH and HTTPS traffic is redirected to another destination.

A two-part story on IBM's developerWorks site is a very good introduction to the use of this tool, how it functions, and what it can and can't do. These articles are "On the lookout for dsniff" and "On the Lookout for dsniff, part 2".


Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in December 2003
