Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hi everyone:
I finally succeeded in installing Dsniff on my Mandrake 10.1 PC. However, I tried to capture the login information of my email and some SMB on a small local network I made between a few PCs; when I use Dsniff it tells me it triggered a blah .. blah protocol, e.g.:
dsniff: trigger_tcp_raw: decoding port 8080 as http
How could I view the exact representation of the captured packet?
Note that if I didn't use the debug mode, the above line wouldn't even appear...
[root@localhost ~]# dsniff -c -d -i eth0
dsniff: trigger_set_tcp: port 21 -> ftp
dsniff: trigger_set_tcp: port 23 -> telnet
dsniff: trigger_set_tcp: port 25 -> smtp
dsniff: trigger_set_ip: proto 47 -> pptp
dsniff: trigger_set_tcp: port 80 -> http
dsniff: trigger_set_ip: proto 89 -> ospf
dsniff: trigger_set_tcp: port 98 -> http
dsniff: trigger_set_tcp: port 106 -> poppass
dsniff: trigger_set_tcp: port 109 -> pop
dsniff: trigger_set_tcp: port 110 -> pop
dsniff: trigger_set_tcp: port 111 -> portmap
dsniff: trigger_set_tcp: port -111 -> portmap
dsniff: trigger_set_udp: port 111 -> portmap
dsniff: trigger_set_udp: port -111 -> portmap
dsniff: trigger_set_ip: proto 112 -> vrrp
dsniff: trigger_set_tcp: port 119 -> nntp
dsniff: trigger_set_tcp: port 139 -> smb
dsniff: trigger_set_tcp: port 143 -> imap
dsniff: trigger_set_udp: port 161 -> snmp
dsniff: trigger_set_tcp: port 220 -> imap
dsniff: trigger_set_tcp: port 261 -> telnet
dsniff: trigger_set_tcp: port 389 -> ldap
dsniff: trigger_set_tcp: port 417 -> mmxp
dsniff: trigger_set_udp: port 417 -> mmxp
dsniff: trigger_set_tcp: port 512 -> rlogin
dsniff: trigger_set_tcp: port 513 -> rlogin
dsniff: trigger_set_tcp: port 514 -> rlogin
dsniff: trigger_set_udp: port 520 -> rip
dsniff: trigger_set_tcp: port 587 -> smtp
dsniff: trigger_set_tcp: port 1080 -> socks
dsniff: trigger_set_tcp: port 1433 -> tds
dsniff: trigger_set_udp: port 1433 -> tds
dsniff: trigger_set_tcp: port 1494 -> citrix
dsniff: trigger_set_tcp: port 1521 -> oracle
dsniff: trigger_set_tcp: port 1526 -> oracle
dsniff: trigger_set_udp: port 2001 -> sniffer
dsniff: trigger_set_tcp: port 2401 -> cvs
dsniff: trigger_set_tcp: port 2417 -> mmxp
dsniff: trigger_set_udp: port 2417 -> mmxp
dsniff: trigger_set_tcp: port 2638 -> tds
dsniff: trigger_set_tcp: port 3128 -> http
dsniff: trigger_set_udp: port 4000 -> icq
dsniff: trigger_set_tcp: port 4444 -> napster
dsniff: trigger_set_tcp: port 5190 -> aim
dsniff: trigger_set_tcp: port 5432 -> postgresql
dsniff: trigger_set_tcp: port 5555 -> napster
dsniff: trigger_set_tcp: port 5631 -> pcanywhere
dsniff: trigger_set_tcp: port 6000 -> x11
dsniff: trigger_set_tcp: port 6001 -> x11
dsniff: trigger_set_tcp: port 6002 -> x11
dsniff: trigger_set_tcp: port 6003 -> x11
dsniff: trigger_set_tcp: port 6004 -> x11
dsniff: trigger_set_tcp: port 6005 -> x11
dsniff: trigger_set_tcp: port 6666 -> napster
dsniff: trigger_set_tcp: port 6667 -> irc
dsniff: trigger_set_tcp: port 6668 -> irc
dsniff: trigger_set_tcp: port 6669 -> irc
dsniff: trigger_set_tcp: port 7599 -> tds
dsniff: trigger_set_tcp: port 7777 -> napster
dsniff: trigger_set_tcp: port 8080 -> http
dsniff: trigger_set_tcp: port 8888 -> napster
dsniff: trigger_set_tcp: port 9898 -> aim
dsniff: trigger_set_tcp: port 65301 -> pcanywhere
dsniff: trigger_set_rpc: program 100005 -> mountd
dsniff: trigger_set_rpc: program 100004 -> ypserv
dsniff: trigger_set_rpc: program 100009 -> yppasswd
dsniff: listening on eth0
dsniff: trigger_tcp_raw: decoding port 8080 as http
dsniff: trigger_tcp_raw: decoding port 8080 as http
dsniff: trigger_tcp_raw: decoding port 8080 as http
dsniff: trigger_tcp_raw: decoding port 139 as smb
If you want the exact capture data, you'll want to use a more robust sniffer like tcpdump, ettercap, or ethereal. dsniff is an application with a specific purpose: to capture and extract login credentials from known protocols.
OK... but the thing is, what is the exact benefit of using Dsniff? I could use Ethereal, which specifies exactly each field in an SMB packet. This is one point.
You said: "dsniff is an application with a specific purpose to capture and extract login credentials from known protocols."
Q: Where exactly does dsniff extract login credentials? In what format are they? How can they be retrieved?
Originally posted by mmhat
Q: Where exactly does dsniff extract login credentials? In what format are they? How can they be retrieved?
They are either written to STDOUT, or can be written to a file using the -w flag.
You may want to read the man page, and other informational pages found by googling dsniff.
Yes man, you are to the point, GNUbie. I tried the -w [file] option in dsniff BUT!!! I could not understand or interpret the meaning of what is inside it (it's codes and incomprehensible symbols)... Therefore, let me rephrase my question: Is there a tool or method that is capable of translating the content of this dsniff output file into meaningful text?
One last thing: you mentioned the output might be written to STDOUT. What is that? Can you please clarify this point?
Originally posted by mmhat
Yes man, you are to the point, GNUbie. I tried the -w [file] option in dsniff BUT!!! I could not understand or interpret the meaning of what is inside it (it's codes and incomprehensible symbols)... Therefore, let me rephrase my question: Is there a tool or method that is capable of translating the content of this dsniff output file into meaningful text?
One last thing: you mentioned the output might be written to STDOUT. What is that? Can you please clarify this point?
I appreciate your cooperation with me.
Thanks
You can read the file that dsniff has saved to using the -r option. For example, if you ran dsniff with the following:
bash# dsniff -m -n -i eth0 -w /tmp/dsniff.logfile
You could then read the saved data using:
bash# dsniff -r /tmp/dsniff.logfile
As for your question about STDOUT... STDOUT is merely the place where a process normally puts its output. If you were to run dsniff from a terminal and not use the -w flag, any login credentials detected by dsniff would be output to the screen in the terminal that dsniff was run from.
Originally posted by GNUbie You can read the file that dsniff has saved to using the -r option. For example, if you ran dsniff with the following:
bash# dsniff -m -n -i eth0 -w /tmp/dsniff.logfile
You could then read the saved data using:
bash# dsniff -r /tmp/dsniff.logfile
OK... I believe this is where my problem begins...
I tried the write and read options for dsniff BUT!!! it did not give me anything.
Originally posted by mmhat
OK... I believe this is where my problem begins...
I tried the write and read options for dsniff BUT!!! it did not give me anything.
Using the editor Kate in Mandriva 10.1.
So where is the problem???
You haven't captured any login credentials. Initiate some plaintext authenticated sessions (e.g. telnet, ftp, pop3, etc.) with dsniff running. Then you should have some findings. Also, storing your logfile in /tmp means that your logfile will be deleted when the computer reboots, as /tmp is cleaned at that point.
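To make concrete what "plaintext authenticated sessions" means and why dsniff's port triggers (21 -> ftp, 110 -> pop, 143 -> imap in the list above) catch them, here is an added audit example that is not from this thread and not dsniff's own code. It assumes you already have the client side of each TCP flow as text (the sample flows below are constructed, not real captures) and reports which hosts still authenticate in the clear, without recording the password itself.

```python
"""Flag plaintext logins the way dsniff's protocol decoders would, but for
auditing: report host/port/protocol/username, never the password."""
import re

# dsniff-style trigger table: TCP port -> decoder name (subset of the list above)
TRIGGERS = {21: "ftp", 110: "pop", 143: "imap"}


def decode_ftp_pop(payload: str):
    """FTP and POP3 both send 'USER x' then 'PASS y'; return the user if both present."""
    user = re.search(r"^USER\s+(\S+)", payload, re.M | re.I)
    pw = re.search(r"^PASS\s+(\S+)", payload, re.M | re.I)
    return user.group(1) if user and pw else None


def decode_imap(payload: str):
    """IMAP: '<tag> LOGIN user pass' in one line; return the user."""
    m = re.search(r'^\S+\s+LOGIN\s+"?([^\s"]+)"?\s+\S+', payload, re.M | re.I)
    return m.group(1) if m else None


DECODERS = {"ftp": decode_ftp_pop, "pop": decode_ftp_pop, "imap": decode_imap}


def audit(flows):
    """flows: list of (src, dst, dport, client_payload). Returns one finding per
    flow whose destination port has a decoder and whose payload carries a login."""
    findings = []
    for src, dst, dport, payload in flows:
        decoder = DECODERS.get(TRIGGERS.get(dport))
        if decoder is None:
            continue  # no trigger for this port, same as dsniff ignoring it
        user = decoder(payload)
        if user:
            findings.append({"src": src, "dst": dst, "port": dport,
                             "proto": TRIGGERS[dport], "user": user})
    return findings


# Constructed sample flows (hypothetical addresses, not real captures).
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.20", 21, "USER alice\r\nPASS s3cret\r\nSYST\r\n"),
    ("192.0.2.11", "192.0.2.20", 110, "USER bob\r\nPASS hunter2\r\nSTAT\r\n"),
    ("192.0.2.12", "192.0.2.21", 143, "a001 LOGIN carol pass123\r\n"),
    ("192.0.2.13", "192.0.2.22", 8080, "GET / HTTP/1.0\r\n\r\n"),
    ("192.0.2.14", "192.0.2.20", 21, "SYST\r\n"),  # no login, must not be reported
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"plaintext {f['proto']} login {f['src']} -> {f['dst']}:{f['port']} user={f['user']}")
```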