08-14-2007, 07:25 AM   #1
bzlaskar
dsniff cannot sniff packets


Hi All,

I am trying to learn arpspoof to sniff packets from our test network. My intentions are honest and I am doing this exercise only for learning purposes.

I have installed dsniff 2.3 on a Linux machine. The installation was done successfully.
I am using libnids-1.18 and libnet-1.0.2a. These are old versions because the installation of dsniff fails with the latest versions of libnids and libnet.

After that I did ARP spoofing so that all traffic from 192.168.16.25 (victim) is redirected to the attacker machine (192.168.16.251). This was done using the following command:

arpspoof -t 192.168.16.25(victim) 192.168.1.254 (Gateway )

I have enabled ip_forwarding on the attacker machine.

Then I tried to sniff username and passwords from the attacker machine
using the following command.

dsniff -i eth0 -n -c

But dsniff was not able to sniff any username and password, although there was traffic from the victim machine as the user (on the victim machine) tried to log in to a remote site using plain text.

Please guide me where I went wrong.

With Thanks in Advance.

regards
 
08-14-2007, 10:15 AM   #2
cjcox
Verify you are really seeing the packets by using tcpdump.

Some (smarter, more expensive) switches are smart enough to prohibit the old ARP spoofing techniques. You might not be able to do it.
 
08-16-2007, 01:36 AM   #3
bzlaskar
Original Poster
Quote:
Originally Posted by cjcox
Verify you are really seeing the packets by using tcpdump.

I was able to see packets using Wireshark.

Quote:
Originally Posted by cjcox
Some (smarter more expensive) switches are smart enough to prohibit the old arp spoofing techniques. You might not be able to do it.

I tried the same thing with Windows-based password sniffer tools and I was able to sniff packets. So, the switch is not smart enough to prevent ARP spoofing.

So, it seems the problem lies with dsniff only...
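
Seen from the defender's side, the redirect discussed in this thread leaves a trace in the affected host's neighbour table when the switch does not block it: the gateway's IP resolves to a MAC address that another host on the LAN also uses. The following check is an added example, not part of the original posts; it parses constructed `ip -4 neigh show` output, and the addresses, MACs and the pinned gateway MAC in it are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip -4 neigh show` output on a host whose ARP cache
# has been poisoned: the gateway entry carries another host's MAC.
SAMPLE_NEIGH = """\
192.168.16.1 dev eth0 lladdr 00:0C:29:AA:BB:CC REACHABLE
192.168.16.251 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.16.30 dev eth0 lladdr 00:1b:21:11:22:33 REACHABLE
192.168.16.40 dev eth0 FAILED
"""

ENTRY = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Yield (ip, dev, mac) for entries with a resolved link-layer address."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            yield m["ip"], m["dev"], m["mac"].lower()

def shared_macs(text):
    """Return {(dev, mac): [ips]} for MACs that answer for more than one IP."""
    seen = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        seen[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def gateway_mismatch(text, gateway_ip, expected_mac):
    """Return the cached gateway MAC if it differs from the pinned one."""
    for ip, _dev, mac in parse_neigh(text):
        if ip == gateway_ip and mac != expected_mac.lower():
            return mac
    return None

if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(SAMPLE_NEIGH).items():
        print(f"ALERT {dev}: {mac} claimed by {', '.join(ips)}")
    # Pinned gateway MAC below is a constructed value (assumption).
    bad = gateway_mismatch(SAMPLE_NEIGH, "192.168.16.1", "00:1a:2b:3c:4d:5e")
    if bad:
        print(f"ALERT gateway 192.168.16.1 resolves to unexpected MAC {bad}")
```

A MAC shared by several IPs also has legitimate causes (a host with more than one address, proxy ARP), so a hit is a lead to investigate rather than proof of spoofing.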
 
  

