Resurrection and enhancements of Dug Song's all-time-classic network sniffer:

  • Hides the command line options (ENV_ARGS=) from the process list (ps).
  • Shows banners (-v).
  • HTTP parsing improvements & Cookie logging.
  • No duplicates: Reports each result only once.
  • Stand-alone & static binary (no need for dsniff.magic/dsniff.services).
  • Deep-Packet-Inspection (-m). Port agnostic.

Download the pre-compiled static binary for Linux, FreeBSD and OpenBSD:

curl -SsfL "https://github.com/hackerschoice/dsniff/releases/latest/download/dsniff_linux-$(uname -m)" -o dsniff

Run (example):

export ENV_ARGS="-i eth0 -v -m not port 443" # hide options from the process list
./dsniff
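
Because the options are read from ENV_ARGS, ps shows only ./dsniff, so a defender auditing a host cannot rely on command lines to spot a running sniffer. The following added example (not part of the dsniff project) instead lists processes that hold a capture-all AF_PACKET socket by reading /proc/net/packet; it assumes a Linux host and a libpcap-style capture socket, and the sample rows, inodes and PIDs are constructed.

```python
import os
import re

ETH_P_ALL = 0x0003  # protocol value of a socket that receives every frame

# Constructed sample of /proc/net/packet (not taken from a real host).
SAMPLE_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8d3a12345000 3      3    0003   2     1 0      0      48211
ffff8d3a1234a800 3      2    888e   3     1 0      101    27755
"""
# Constructed fd listing: pid -> readlink() targets of /proc/<pid>/fd/*.
SAMPLE_FDS = {4242: ["/dev/pts/0", "socket:[48211]"], 911: ["socket:[27755]"]}

def parse_packet_sockets(text):
    """Return one dict per AF_PACKET socket listed in /proc/net/packet."""
    socks = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 9:                 # skip truncated rows
            socks.append({"proto": int(f[3], 16), "ifindex": int(f[4]),
                          "uid": int(f[7]), "inode": int(f[8])})
    return socks

def read_fd_links(proc="/proc"):
    """Collect fd symlink targets per PID; needs root to see every process."""
    out = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            out[int(pid)] = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
        except OSError:                 # process exited or access denied
            continue
    return out

def find_sniffers(packet_text, fd_links):
    """Return (sorted PIDs, socket) for each capture-all packet socket."""
    owners = {}
    for pid, links in fd_links.items():
        for m in filter(None, (re.fullmatch(r"socket:\[(\d+)\]", t) for t in links)):
            owners.setdefault(int(m.group(1)), set()).add(pid)
    return [(sorted(owners.get(s["inode"], ())), s)
            for s in parse_packet_sockets(packet_text) if s["proto"] == ETH_P_ALL]

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:   # live run on a Linux host
        for pids, s in find_sniffers(fh.read(), read_fd_links()):
            print(f"pids={pids} uid={s['uid']} ifindex={s['ifindex']} inode={s['inode']}")
```

Legitimate tools such as tcpdump or a monitoring agent hold the same kind of socket, so each hit is a lead to verify, not proof of a rogue sniffer.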

The reason why I prefer dsniff over most others:

  1. The results give a quick overview of who/where SSL/SSH is being used.
  2. It logs Cookies and Session IDs.
  3. It shows plaintext HTTP Location: redirects to HTTPS.
  4. It shows WireGuard or SSH on non-default ports (like port 31337). Those tend to be worthy admins.

Compile:

./configure --enable-static && make dsniff

Useful parameters:

-C - Force color [default is to show color on TTY only]
-P - Use promiscuous mode
-v - Show banners (SNI, SSH, HTTP, Cookies, ...)
-m - Detect protocol regardless of the port (e.g. SSH on port 222).

Compare original: Diff
Original README


Similar tools: