dsniff is a password sniffer which handles FTP, Telnet, SMTP,
HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster,
PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI
Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL
dsniff automatically detects and minimally parses each
application protocol, only saving the interesting bits, and uses
Berkeley DB as its output file format, only logging unique
authentication attempts. Full TCP/IP reassembly is provided by
I wrote dsniff with honest intentions - to audit my own network,
and to demonstrate the insecurity of cleartext network protocols.
Please do not abuse this software.
Perform half-duplex TCP stream reassembly, to handle asymmetrically
routed traffic (such as when using arpspoof(8) to intercept client
traffic bound for the local gateway).
Enable debugging mode.
Enable automatic protocol detection.
Do not resolve IP addresses to hostnames.
Specify the interface to listen on.
Rather than processing the contents of packets observed upon the network
process the given PCAP capture file.
Analyze at most the first snaplen bytes of each TCP connection,
rather than the default of 1024.
Load triggers from a services file.
Load triggers from a comma-separated list, specified as
port/proto=service (e.g. 80/tcp=http).
Read sniffed sessions from a savefile created with the -w
Write sniffed sessions to savefile rather than parsing and
printing them out.
Specify a tcpdump(8) filter expression to select traffic to sniff.
On a hangup signal dsniff will dump its current trigger table to