This stuff may be a bit outdated it was originally done for Mac OS 10.2 (and earlier). I'll get around to updating it sometime.
Here are the install instructions for compiling and installing libpcap, libnet, libnids, dsniff, and snort on Mac OS X. You'll need the Mac OS X Developer tools installed. You'll also need OpenSSL installed if you want OpenSSL support in some of the utilities. Its fairly easy to install these utilities, but a couple small problems arise with the installer scripts. I used to provide a precompiled tarball but somebody decided to have their rootkit grab this stuff directly from my website... Some of these tools can be pretty malacious in the wrong hands. Don't go fucking around with other people's machines. It's not cool, seriously.
Aside from dsniff itself, these utilities are quite useful for writing lowlevel network utilities, investigating and maintaining network security. I use them fairly regularly in industry to test and instrument equipment in my line of work.
If you have any problems, chances are it's my fault. I wrote this up from memory and haven't gotten around to checking it.
Notes: Setup directories that files will be installed into.
mkdir -p /usr/local/sbin
mkdir -p /usr/lib
mkdir -p /usr/local/lib
mkdir -p /usr/local/
mkdir -p /usr/local/include
mkdir -p /usr/local/include/net
mkdir -p /usr/include
mkdir -p /usr/include/libnet
Notes: Libpcap is a system-independent interface for user-level packet capture. It provides a portable framework for low-level monitoring.
wget http://www.tcpdump.org/release/libpcap-0.6.2.tar.gz
tar -xvzf libpcap-0.6.2.tar.gz
cd libpcap-0.6.2
cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./
./configure
make
cp libpcap.a /usr/local/lib/
cp pcap.h /usr/local/include/
cp pcap-namedb.h /usr/local/include/
cp pcap-int.h /usr/local/include/
cp net/bpf.h /usr/local/include/net/
cp pcap.3 /usr/local/man/man3/
ranlib /usr/local/lib/libpcap.a
Notes: Libnet is an API for low level packet writing and handling. You can create packets at the IP layer and the link layer.
wget http://www.packetfactory.net/libnet/dist/libnet-1.0.2.tgz
tar -xvzf libnet-1.0.2.tgz
cd libnet-1.0.2
cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./
./configure
cp libnet-config /usr/bin
cp include/libnet.h /usr/include
cp include/libnet-* /usr/include/libnet/
cp lib/libnet.a /usr/lib
cp doc/libnet.3 /usr/local/man/man3
cd /usr/lib
ln -f -s libnet.a libpwrite.a
ranlib /usr/lib/libnet.a
Notes: Libnids provides assembly of TCP segments into TCP streams, IP deframentation, and TCP port scan detection. NIDS stands for Network Intrusion Detection System.
wget http://www.packetfactory.net/Projects/Libnids/dist/libnids-1.16.tar.gz
tar -xvzf libnids-1.16.tar.gz
cd libnids-1.16
./configure
make
make install
ranlib /usr/local/lib/libnids.a
Notes: DSniff really only does one thing, and that is to sniff passwords, the other utilities do have real-world application though. This package includes the following subutilities: arpspoof, dnsspoof, filesnarf, macof, mailsnarf, msgsnarf, sshmitm, tcpkill, tcpnice, urlsnarf, and webmitm.
wget http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
tar -xvzf dsniff-2.3.tar.gz
cd dsniff-2.3
./configure --with-openssl=/usr/local/ssl
make
make install
Notes: This is an optional package. It is used for actively detecting attacks within your network. Its usefullness comes from the fact that you can use it to detect attacks that are not directed at your machine.
wget http://www.snort.org/Files/snort-1.7.tar.gz
tar -xvzf snort-1.7.tar.gz
cd snort-1.7
cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./
./configure --with-openssl=/usr/local/ssl
make
make install