Network Sniffing Techniques

Sniffing is the process of monitoring network traffic by capturing packets. There are two types: passive sniffing simply monitors traffic without altering it, while active sniffing can modify traffic. Sniffing tools work by putting the network interface into promiscuous mode to receive all traffic. This allows sensitive information like passwords and emails to be intercepted in clear text formats. Lawful interception by authorities is a regulated form of network monitoring.

Uploaded by sampath

Sniffing: Passive Sniffing and Active Sniffing

Sniffing
• Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools.
• It is a form of “tapping phone wires” to get to know about the conversation.
• If a set of enterprise switch ports is left open, there is a real possibility that one of the employees can sniff the whole traffic of the network.
• Sniffing allows you to see all sorts of traffic, both protected and unprotected.
• It can be used to gather information for further attacks or to cause other issues for the network.

What can be sniffed?

• Email traffic
• FTP passwords
• Web traffic
• Telnet passwords
• Router configuration
• Chat sessions
• DNS traffic
How it works

• A sniffer normally turns the NIC of the system to promiscuous mode.
• Promiscuous mode is a mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network.
• Non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.

Types of Sniffing

• Passive Sniffing
• Active Sniffing
Passive Sniffing

• In passive sniffing, the traffic is captured but not altered in any way. Passive sniffing allows listening only.
• It works with hub devices, because a hub sends traffic to all of its ports.

Active Sniffing
• In active sniffing, the traffic is not only captured and monitored, but may also be altered in some way as determined by the attack.
• It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table.

Active Sniffing Techniques
• MAC Flooding
• DHCP Attacks
• DNS Poisoning
• Spoofing Attacks
• ARP Poisoning
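
Detection logic for two of the techniques listed above, MAC flooding and ARP poisoning, as an added example that is not part of the original slides. The log format, the sample events, and the window and threshold values are constructed assumptions; a real switch would need thresholds tuned to its normal traffic.

```python
from collections import defaultdict, deque

# Constructed sample: "<seconds> <switch port> <source MAC> <ARP sender IP or ->"
SAMPLE = """\
0.0 Gi0/1 aa:aa:aa:00:00:01 10.0.0.1
0.5 Gi0/2 aa:aa:aa:00:00:02 10.0.0.2
1.0 Gi0/3 de:ad:00:00:00:01 -
1.1 Gi0/3 de:ad:00:00:00:02 -
1.2 Gi0/3 de:ad:00:00:00:03 -
1.3 Gi0/3 de:ad:00:00:00:04 -
2.0 Gi0/3 de:ad:00:00:00:04 10.0.0.1
9.0 Gi0/1 aa:aa:aa:00:00:01 10.0.0.1
"""

def parse(text):
    for line in text.splitlines():
        ts, port, mac, ip = line.split()
        yield float(ts), port, mac.lower(), None if ip == "-" else ip

def arp_rebindings(events):
    """Report every time an IP is claimed by a different MAC than the last one seen."""
    last, alerts = {}, []
    for ts, _port, mac, ip in events:
        if ip is None:
            continue  # not an ARP frame
        if ip in last and last[ip] != mac:
            alerts.append((ts, ip, last[ip], mac))
        last[ip] = mac
    return alerts

def mac_flood_ports(events, window=1.0, threshold=3):
    """Ports showing more than `threshold` distinct source MACs within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, port, mac, _ip in events:
        q = recent[port]
        q.append((ts, mac))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop frames that fell out of the sliding window
        if len({m for _, m in q}) > threshold:
            flagged.add(port)
    return sorted(flagged)

if __name__ == "__main__":
    events = list(parse(SAMPLE))
    print("ARP rebindings:", arp_rebindings(events))
    print("MAC flood ports:", mac_flood_ports(events))
```

In the sample, port Gi0/3 is flagged for the burst of new source MACs, and 10.0.0.1 is reported twice because its binding flips to the new MAC and back again.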
Protocols which are affected
• Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders.

Several protocols lend themselves to easy sniffing
• HTTP − It sends information in clear text without any encryption, which makes it a real target.

• SMTP (Simple Mail Transfer Protocol) − SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.

• NNTP (Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.

• POP (Post Office Protocol) − POP is strictly used to receive emails from the servers. This protocol does not include protection against sniffing because it can be trapped.

• FTP (File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.

• IMAP (Internet Message Access Protocol) − IMAP is the same as SMTP in its functions, but it is highly vulnerable to sniffing.

• Telnet − Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.

Hardware Protocol Analyzers

• These devices plug into the network at the hardware level and can monitor traffic without manipulating it.

• Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed in the system.

• They capture a data packet, decode it, and analyze its content according to certain rules.

• Hardware protocol analyzers allow attackers to see individual data bytes of each packet passing through the cable.

Lawful Interception

• Lawful Interception (LI) is defined as legally sanctioned access to communications network data such as telephone calls or email messages.

• LI is a security process in which a network operator or service provider gives law enforcement officials permission to access private communications of individuals or organizations.

• Almost all countries have drafted and enacted legislation to regulate lawful interception procedures; standardization groups are creating LI technology specifications.

• LI activities are taken for the purpose of infrastructure protection and cyber security.

• LI was formerly known as wiretapping.
