
Linux command

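dsniff command

Security

This command needs elevated privileges or has a significant system impact; verify the target before running it.

Common examples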

Sniff passwords

sudo dsniff -i [eth0]

Read from capture file

dsniff -p [capture.pcap]

Write to file

sudo dsniff -i [eth0] -w [output.txt]

Enable automatic protocol detection

sudo dsniff -i [eth0] -m

Read from a previously saved session file

dsniff -r [savefile]

Sniff with custom trigger definitions

sudo dsniff -i [eth0] -t [80/tcp=http]

Description

dsniff is a password sniffer that passively monitors network traffic to capture authentication credentials transmitted in cleartext. It supports a comprehensive array of protocols including FTP, Telnet, HTTP, SNMP, IMAP, POP, LDAP, rlogin, RPC, NFS, X11, Oracle, PostgreSQL, and many others. The tool operates by analyzing packet streams and extracting usernames and passwords as they traverse the network. It performs automatic protocol detection and TCP stream reassembly to correctly capture credentials from multi-packet exchanges. dsniff was designed for authorized network security auditing and penetration testing, demonstrating the significant security risks of transmitting credentials over unencrypted protocols. Its existence helped drive the widespread adoption of encrypted alternatives like SSH and HTTPS. The tool remains relevant for security assessments and identifying legacy systems using insecure authentication methods.

Parameters

-i _interface_
Network interface to sniff.
-p _file_
Read from pcap file.
-w _file_
Write output to file.
-m
Enable automatic protocol detection.
-n
Don't resolve hostnames.
-c
Perform half-duplex TCP stream reassembly.
-s _snaplen_
Analyze at most the first snaplen bytes of each TCP connection (default 1024).
-f _services_
Load trigger definitions from a services configuration file.
-t _trigger,..._
Load triggers from a comma-separated list, specified as port/proto=service.
-r _savefile_
Read previously captured sessions from a saved file.
-d
Enable debugging.
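
For the defensive use named in the description (identifying legacy systems that still authenticate over unencrypted protocols), the following added example, which is not part of dsniff or of the original page, lists which clients open sessions to cleartext services in a classic pcap file without reading any payload. The watch list reuses the `port/proto=service` notation of `-t`; the function names, the watch list and the sample capture are constructed for illustration, and only classic pcap with Ethernet/IPv4 framing is assumed.

```python
import socket
import struct

# Watch list in dsniff's -t notation (port/proto=service); constructed for this example.
WATCH = "21/tcp=ftp,23/tcp=telnet,110/tcp=pop,143/tcp=imap"

def parse_triggers(spec):
    """Turn 'port/proto=service,...' into {(port, proto): service}."""
    table = {}
    for item in spec.split(","):
        key, service = item.strip().split("=", 1)
        port, proto = key.split("/", 1)
        table[(int(port), proto.lower())] = service
    return table

def cleartext_sessions(pcap, triggers):
    """Return sorted (client, server, service) for TCP SYNs sent to watched ports."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    found, off = set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        if len(frame) < tcp + 14:
            continue  # TCP header truncated by the capture
        dport, flags = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0], frame[tcp + 13]
        service = triggers.get((dport, "tcp"))
        if service and flags & 0x12 == 0x02:  # SYN without ACK: client opening a session
            found.add((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), service))
    return sorted(found)

def sample_pcap():
    """Constructed capture: three SYNs (telnet, ssh, ftp) between 192.0.2.0/24 hosts."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, dport in [("192.0.2.10", "192.0.2.1", 23), ("192.0.2.10", "192.0.2.1", 22),
                            ("192.0.2.11", "192.0.2.2", 21)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On the constructed capture, `cleartext_sessions(sample_pcap(), parse_triggers(WATCH))` reports the telnet and ftp sessions and ignores the ssh one.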

FAQ

How do I run a basic dsniff example?

Run `sudo dsniff -i [eth0]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -i _interface_ do in dsniff?

Network interface to sniff.