DNS spoofing is an attack in which someone in a man-in-the-middle (MITM) position alters the name resolution in the DNS server’s response to the victim, so the victim is sent to a malicious page instead of the one they requested while still using the legitimate name.
The dnsspoof command is part of the dsniff package. dsniff is a collection of security tools designed to look at different application protocols and extract important information from them when it is sent in cleartext. This information can then be used for further insight into the attack. Other tools included within dsniff are filesnarf, mailsnarf, urlsnarf and webspy. These tools look for their specific traffic on the correct application port and can provide details on that application. Here is a quick definition of some of them:
- webspy: It shows us what URLs people are browsing by opening up a browser window locally.
- urlsnarf: It shows us what URLs are being browsed on the user’s network.
- mailsnarf: It shows any e-mails from POP and SMTP traffic on our network.
- dsniff: It shows passwords sent in cleartext across the network.
- dnsspoof: Various tools to sniff network traffic for cleartext insecurities.
- filesnarf: It captures files from NFS traffic and saves them in the current directory.
If you get the error below:
dnsspoof: command not found
you can install the dsniff package with the command for your operating system:
Distribution | Command |
---|---|
Debian | apt-get install dsniff |
Ubuntu | apt-get install dsniff |
Arch Linux | pacman -S dsniff |
Kali Linux | apt-get install dsniff |
Fedora | dnf install dsniff |
Raspbian | apt-get install dsniff |
Conclusion
Dsniff is one of the most comprehensive and powerful freely-available packet-sniffing tool suites for capturing and processing authentication information. Its functionality and numerous utilities have made it a common tool used by attackers to sniff passwords and authentication information off networks.