diff --git a/README.md b/README.md
index 3e25a1f..9f9b742 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,7 @@ A collection of delicious docker recipes.
 - [x] bro
 - [x] clamav
+- [x] dsniff
 - [x] ferm
 - [x] hydra
 - [x] iptables
diff --git a/dsniff/Dockerfile b/dsniff/Dockerfile
new file mode 100644
index 0000000..8666814
--- /dev/null
+++ b/dsniff/Dockerfile
@@ -0,0 +1,15 @@
+#
+# Dockerfile for dsniff
+#
+
+FROM alpine
+
+MAINTAINER kev
+
+RUN set -xe \
+ && echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
+ && apk add --no-cache bash coreutils dsniff tmux
+
+CMD set -xe \
+ && tmux new -d -x 800 -y 600 \
+ && sleep infinity
diff --git a/dsniff/README.md b/dsniff/README.md
new file mode 100644
index 0000000..f9243be
--- /dev/null
+++ b/dsniff/README.md
@@ -0,0 +1,44 @@
+dsniff
+======
+
+[dsniff][1] is a collection of tools for network auditing and penetration
+testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively
+monitor a network for interesting data (passwords, e-mail, files, etc.).
+arpspoof, dnsspoof, and macof facilitate the interception of network traffic
+normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm
+and webmitm implement active monkey-in-the-middle attacks against redirected
+SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
+
+## docker-compose.yml
+
+```yaml
+dsniff:
+ image: vimagick/dsniff
+ net: host
+ volumes:
+ - ./data:/data
+ working_dir: /data
+ tty: yes
+ restart: unless-stopped
+```
+
+## Server Setup
+
+```bash
+$ docker-compose up -d
+$ docker-compose exec dsniff tmux ls
+$ docker-compose exec dsniff tmux a
+>>> echo -e '192.168.31.1\twww.baidu.com' >> hosts
+>>> dnsspoof -i eth0 -f hosts
+>>> arpspoof -i eth0 -t 192.168.31.1 192.168.31.102
+>>> arpspoof -i eth0 -t 192.168.31.102 192.168.31.1
+```
+
+## Client Setup
+
+```bash
+$ ping www.baidu.com
+$ curl www.baidu.com
+```
+
+[1]: https://www.monkey.org/~dugsong/dsniff/
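Review bot: In dsniff/Dockerfile the RUN step appends the Alpine `edge/testing` repository to `/etc/apk/repositories` over plain `http://`, so bash, coreutils and tmux in the same `apk add`, and any package installed later in a derived image, can resolve from the unstable branch rather than only dsniff. Scoping the extra repository to the one package that needs it keeps the rest on the base image's release: `&& apk add --no-cache bash coreutils tmux \` followed by `&& apk add --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing dsniff`. `FROM alpine` also carries no tag, so the base release and the edge package can drift apart between builds; pinning a release tag would make the image reproducible. The same applies to dsniff/arm/Dockerfile.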
diff --git a/dsniff/arm/Dockerfile b/dsniff/arm/Dockerfile
new file mode 100644
index 0000000..9b00ce6
--- /dev/null
+++ b/dsniff/arm/Dockerfile
@@ -0,0 +1,15 @@
+#
+# Dockerfile for dsniff-arm
+#
+
+FROM easypi/alpine-arm
+
+MAINTAINER EasyPi Software Foundation
+
+RUN set -xe \
+ && echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
+ && apk add --no-cache bash coreutils dsniff tmux
+
+CMD set -xe \
+ && tmux new -d -x 800 -y 600 \
+ && sleep infinity
diff --git a/dsniff/arm/docker-compose.yml b/dsniff/arm/docker-compose.yml
new file mode 100644
index 0000000..90c6ab9
--- /dev/null
+++ b/dsniff/arm/docker-compose.yml
@@ -0,0 +1,8 @@
+dsniff:
+ image: easypi/dsniff-arm
+ net: host
+ volumes:
+ - ./data:/data
+ working_dir: /data
+ tty: yes
+ restart: unless-stopped
diff --git a/dsniff/docker-compose.yml b/dsniff/docker-compose.yml
new file mode 100644
index 0000000..2f30e91
--- /dev/null
+++ b/dsniff/docker-compose.yml
@@ -0,0 +1,8 @@
+dsniff:
+ image: vimagick/dsniff
+ net: host
+ volumes:
+ - ./data:/data
+ working_dir: /data
+ tty: yes
+ restart: unless-stopped
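Review bot: In dsniff/arm/docker-compose.yml, `net: host` together with `restart: unless-stopped` keeps a container holding ARP/DNS spoofing tools attached to the host's network stack and brings it back after every daemon or host restart. The Dockerfile sets no `USER`, so it presumably runs as root with Docker's default capability set. For an audit tool that is run on demand I would drop the `restart` line and narrow the capabilities with `cap_drop: [ALL]` and `cap_add: [NET_RAW]`, adding others only if the tools turn out to need them (not verified here). The `./data` bind mount will hold whatever the sniffers capture, so a comment that the directory should be readable only by the operator would help. The same applies to dsniff/docker-compose.yml.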