dsniff cannot sniff packets - Security

This is a discussion on dsniff cannot sniff packets - Security ; Hi All, I am trying to learn arpspoof to sniff packets from our Test network . My intentions are honest and I am doing this exercise only for learning purpose . I have installed dsniff 2.3 on a Linux Machine. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: dsniff cannot sniff packets

  1. dsniff cannot sniff packets

    Hi All,

    I am trying to learn arpspoof to sniff packets from our Test network .
    My intentions are honest and I am doing this exercise only for
    learning purpose .

    I have installed dsniff 2.3 on a Linux Machine. The installation was
    done successfully .
    I am using libnids-1.18 and ibnet-1.0.2a. . These are old versions
    because the installation of dsniff fails with the latest version of
    libnids and libnet.

    After that I did ARP spoofing so that all traffic from 192.168.16.25
    (victim ) is redirected to the attacker machine ( 192.168.16.251 ) .
    This was done using the following command

    arpspoof -t 192.168.16.25(victim) 192.168.1.254 (Gateway )

    I have enabled ip_forwarding on the attacker machine.

    Then I tried to sniff username and passwords from the attacker machine
    using the following command.

    dsniff -i eth0 -n -c

    But dsniff was not able to sniff any username and password. Although
    there was traffic from the victim machine as the user (on victim
    machine) tried to login to a remote site using plain text.

    Please guide me where I went wrong .

    With Thanks in Advance.

    regards


  2. Re: dsniff cannot sniff packets

    On Tue, 14 Aug 2007, in the Usenet newsgroup comp.os.linux.security, in article
    <1187095376.289023.263120@l22g2000prc.googlegroups. com>, query.cdac@gmail.com
    wrote:

    >I am trying to learn arpspoof to sniff packets from our Test network .
    >My intentions are honest and I am doing this exercise only for
    >learning purpose .


    Uhuh. I'll say only that honorable use of that tool is extremely
    limited. Knowledgeable security/networking types can usually obtain the
    needed information without screwing up basic networking.

    >I have installed dsniff 2.3 on a Linux Machine. The installation was
    >done successfully .


    >After that I did ARP spoofing so that all traffic from 192.168.16.25
    >(victim ) is redirected to the attacker machine ( 192.168.16.251 ) .


    >Then I tried to sniff username and passwords from the attacker machine
    >using the following command.
    >
    >dsniff -i eth0 -n -c
    >
    >But dsniff was not able to sniff any username and password. Although
    >there was traffic from the victim machine as the user (on victim
    >machine) tried to login to a remote site using plain text.


    OK - so the packet sniffing apparently is working. "tried to login to
    a remote site using plain text" using what service? telnet? ftp? pop3?
    some crappy web application? gopher?

    What does a simple packet sniffer (tcpdump, ethereral, wireshark, or
    similar) show?

    >Please guide me where I went wrong .


    Possibly trying to run before you can walk. Start by learning the basics
    of packet sniffing, using one of the many common tools. Learn further
    the many protocols that are used. Also learn how networking devices like
    switches operate, and how they can effect packet sniffing.

    Old guy

+ Reply to Thread