dsniff package supports to sniff the text password over uncripted protocols, such as FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL protocols.

arpspoof is used for ARP spoofing.


macof generates large random MAC address as MAC flooding.

/usr/sbin/msgsnarf msgsnarf records selected messages from AOL Instant Messenger, ICQ 2000, IRC, MSN Messenger, or Yahoo Messenger chat sessions

/usr/sbin/sshmitm sshmitm proxies and sniffs SSH traffic redirected by dnsspoof(8), capturing SSH password logins, and optionally hijacking interactive sessions. Only SSH protocol version 1 is (or ever will be) supported - this program is far too evil already.

/usr/sbin/sshow sshow analyzes encrypted SSH-1 and SSH-2 traffic, identifying authentication attempts, the lengths of passwords entered in interactive sessions, and command line lengths.

/usr/sbin/tcpkill tcpkill kills specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-whs for TCB creation).

/usr/sbin/tcpnice tcpnice slows down specified TCP connections on a LAN via "active" traffic shaping.

/usr/sbin/urlsnarf urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.).

/usr/sbin/webmitm webmitm and dnsspoof make dns spoofing, and operates as a proxy to redirect the traffic to the target web site.

/usr/sbin/webspy open the URL in realtime

Last updated