Try lowering the rate at which you replay the dump file: I find that dsniff have trouble picking up the appropriate information when broadcasting at too high a rate.
Problem with dsniff on loopback (driftnet works fine)
Hi all,
I'm having problems using dsniff, urlsnarf, msgsnarf etc on BT3 final.
Here is what I have done: -
1. Captured packets with Kismet (locked onto a specific wireless channel)
2. Decrypted them: "airdecap-ng -b (AP address) -w (WEP key) Kismet.dump"
3. Started urlsnarf listening on loopback: "urlsnarf -i lo"
4. Started driftnet listening on loopback: "driftnet -i lo"
5. Replayed the pakets on loopback: "tcpreplay -R Kismet-dec.dump -i lo"
Driftnet works fine, but I can't get urlsnarf (and dsniff etc) working at all.
I'm using the versions in BT3 final (dsniff, urlsnarf 2.4 & tcpreplay 2.3.5 & driftnet 0.1.6)
I've seen similar threads but not exactly the same, and no solution. Has anybody got any ideas?
Thanks.
Try lowering the rate at which you replay the dump file: I find that dsniff have trouble picking up the appropriate information when broadcasting at too high a rate.
-Monkeys are like nature's humans.
Thanks.
I've just tried without the "-R" (replay as fast as possible) but still no joy.
If I have a window running "tcpdump -i lo", I can see www hosts....
Any other ideas?
Cheers.
Have you tried manually specifying a lower rate using the -r 1 option for example, as I am not sure what speed tcpreplay uses by default?
Also as far as I remember mainly dsniff have trouble working with high speeds, not urlsnarf. I just tried out urlsnarf on my BT3F and it is working perfectly even using the -R option in tcpreplay. Therefore I have to ask whether you are 100 % certain that the dump file contains any URL information?
-Monkeys are like nature's humans.
Hi,
Thanks again but yes, I tried that. It looks like the default behaviour of tcpreplay is to replay at the speed it was captured.
Here are my results: -
No speed parameter passed: -
Rate=1 : -Code:tcpreplay Kismet.dump -i lo 40625.9 bytes/sec 0.31 megabits/sec 30 packets/sec
As fast as possible: -Code:tcpreplay -r 1 Kismet.dump -i lo 131084.8 bytes/sec 1.00 megabits/sec 99 packets/sec
Any other ideas? All other threads seem to say that tcpreplay 2.3.5 works fine via loopback. Thinking about it, tcpdump seems to show the data fine so perhaps its the dsniff tools...Code:tcpreplay -R Kismet.dump -i lo 129479165.2 bytes/sec 987.85 megabits/sec 9860 packets/sec
I seem to remember an older (or patched) version of the dsniff tools could read directly from a file?
from memory tcpreplay will go as fast as it possibly can unless you tell it otherwise
No it will only run at MAX speed if you use the -R switch, as Finster's previous post clearly shows.Originally Posted by incubii
-Monkeys are like nature's humans.
Posting Permissions