dsniff cannot sniff packets

#1
08-14-2007
query.cdac@gmail.com

Hi All,

I am trying to learn arpspoof to sniff packets from our Test network.
My intentions are honest and I am doing this exercise only for
learning purposes.

I have installed dsniff 2.3 on a Linux Machine. The installation was
done successfully.
I am using libnids-1.18 and libnet-1.0.2a. These are old versions
because the installation of dsniff fails with the latest version of
libnids and libnet.

After that I did ARP spoofing so that all traffic from 192.168.16.25
(victim) is redirected to the attacker machine (192.168.16.251).
This was done using the following command:

arpspoof -t 192.168.16.25 (victim) 192.168.1.254 (Gateway)

I have enabled ip_forwarding on the attacker machine.

Then I tried to sniff usernames and passwords from the attacker machine
using the following command:

dsniff -i eth0 -n -c

But dsniff was not able to sniff any username or password, although
there was traffic from the victim machine, as the user (on the victim
machine) tried to log in to a remote site using plain text.

Please guide me where I went wrong.

With Thanks in Advance.

regards

#2
08-14-2007
Moe Trin

On Tue, 14 Aug 2007, in the Usenet newsgroup comp.os.linux.security, in article
<1187095376.289023.263120@l22g2000prc.googlegroups.com>, query.cdac@gmail.com
wrote:

>I am trying to learn arpspoof to sniff packets from our Test network.
>My intentions are honest and I am doing this exercise only for
>learning purposes.


Uhuh. I'll say only that honorable use of that tool is extremely
limited. Knowledgeable security/networking types can usually obtain the
needed information without screwing up basic networking.

>I have installed dsniff 2.3 on a Linux Machine. The installation was
>done successfully.


>After that I did ARP spoofing so that all traffic from 192.168.16.25
>(victim) is redirected to the attacker machine (192.168.16.251).


>Then I tried to sniff usernames and passwords from the attacker machine
>using the following command:
>
>dsniff -i eth0 -n -c
>
>But dsniff was not able to sniff any username or password, although
>there was traffic from the victim machine, as the user (on the victim
>machine) tried to log in to a remote site using plain text.


OK - so the packet sniffing apparently is working. "tried to login to
a remote site using plain text" using what service? telnet? ftp? pop3?
some crappy web application? gopher?

What does a simple packet sniffer (tcpdump, ethereal, wireshark, or
similar) show?

>Please guide me where I went wrong.


Possibly trying to run before you can walk. Start by learning the basics
of packet sniffing, using one of the many common tools. Learn further
the many protocols that are used. Also learn how networking devices like
switches operate, and how they can affect packet sniffing.

Old guy