If you want to run it in a live fashion you need to implement a MITM attack, for example using ettercap, as well. Otherwise you can always use it to pull out credentials from a pre-captured pcap file.Originally Posted by bulgin
Dsniff listing on eth0 w/o arp poisoning nor MITM
If I am running dsniff on the same machine through which I connect to a sniffable service (smtp, web page login, ftp, etc.) and run it with:
dsniff -i eth0
and it responds with:
dsniff listening on eth0
shouldn't it pull out sniffable data without the need for MITM or Arp poisoning (I know this is not the standard method of using it, but I'm just testing).
But it doesn't pull out anything.
Must it always be run as a MITM or arp poisoning scenario? Can't seem to find an answer to that question.
If you want to run it in a live fashion you need to implement a MITM attack, for example using ettercap, as well. Otherwise you can always use it to pull out credentials from a pre-captured pcap file.
-Monkeys are like nature's humans.
Thanks Tron, I appreciate your reply and that information is most useful. I just kinda wonder then why couldn't it pull out credentials if:
1) dsniff says it is monitorig eth0, and,
2) I am using the same eth0 to access sites that require authentication.
I mean, monitoring eth0 is monitoring eth0.... so in my mind it seems that it should be able to pull out the credentials from eth0. But I'm not going to make a federal case over it, I'm sure there is some technical detail I don't fully understand. That said, I appreciate your information.
Thanks!
Posting Permissions