Msgsnarf should by default just output any message to the screen that it can decode. I may be wrong, but I don't think there are many command line options for msgsnarf, if it says it's listening you're probably doing it right, as long as eth0 is the right device of course... I think you can have output sent to a file as well using '>' in windows or linux, I think it is the same in both, but if the output isn't going to the screen it probably won't go to a file either...
Are you sure that the messages are properly being intercepted? If they are, you should also be able to see them if you start up ethereal and watch the packets fly by (assuming there are people on the network sending messages at the time). You might want to take a look at ettercap as well, it works pretty nicely with dsniff/*snarf... It can do the arp poisoning/packet forwarding while you sniff with whatever you like. Anyway, good luck.. learning new stuff is fun, dsniff/ettercap was my experiment for last week.. =) Caleb -----Original Message----- From: Neil Ryan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 4:41 PM To: [EMAIL PROTECTED] Subject: using dsniff and *snarf Greets, I am pretty new to the security world, and am starting by learning how simple networks are subverted. I have been hacking my home network, but have not been able to get the *snarf commands from dsniff to produce any useful output. As root, I use fragrouter to forward packets, and arpspoof to intercept packets for the gateway. When I use msgsnarf, it says "msgsnarf: listening on eth0" - but no data... Info on the WWW seems rather spotty... Can anyone illustrate a common command line for these utilities? Any help is appreciated! Neil -- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
