Network auditing with dsniff 2.3

A tool for monitoring and managing traffic.

To audit network traffic you need to employ a program like a sniffer to listen to your traffic and analyze the results. If you've ever used a network monitor such as Windows' or Solaris', then you are familiar with sniffers. Commercial sniffers gather statistics and can work with various thresholds and defined events. One collection of tools that has been around for a few years is dsniff 2.3. This is actually a set of tools that not only audit, but also test for network penetration. These programs can run on OpenBSD (x86), Red Hat Linux (x86), and Solaris (SPARC). It's been reported that users have been able to run these programs on FreeBSD, Debian Linux, Slackware Linux, AIX, and HP-UX. A version of dsniff has also been ported to Windows and MacOS X.

The dsniff ensemble includes the following tools: dsniff, filesnarf, dnsspoof, and macof, all of which intercept traffic that is protected from outsiders. Other programs such as sshmitm and webmitm in the package protect against what are referred to as "active monkey in the middle" attacks. In these sorts of attacks SSH and HTTPS traffic is redirected to another destination.

A two-part story on IBM's DeveloperWorks site is a very good introduction to the use of this tool, how it functions, and what it can and can't do. These articles are: "On the lookout for dsniff" and "On the Lookout for dsniff, part 2".


Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in December 2003
