Duo's two-factor authentication protects against credential theft - try it for free!

dsniff

latest release: dsniff-2.3.tar.gz (CHANGES)
beta snapshots

Abstract

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

I wrote these tools with honest intentions - to audit my own network, and to demonstrate the insecurity of most network application protocols. Please do not abuse this software.

Documentation

In addition to man pages included in the distribution, a dsniff Frequently-Asked Questions document is also available.

Pour les francophones, Denis Ducamp a traduit les manuels de dsniff-2.3 en franšais.

Support

A mailing list for dsniff announcements and moderated discussion is open to the public. To subscribe, send e-mail with the word "subscribe" in the body of the message to <dsniff-request@monkey.org>.

Further Reading

Recent presentations: Recent press:

dsniff around the world:

Recent books that cover dsniff in some detail:


Dug Song <dugsong@monkey.org>