Sniffing

In this blog you are going to learn what sniffing is, the types of sniffing, the tools used for it, and the protocols that are vulnerable to sniffing attacks.

Sniffing is the process of monitoring and capturing all the packets passing through a given network. This task is normally assigned to network/system administrators, who use it to monitor network traffic. Attackers use the same method to capture data packets containing sensitive information such as passwords and account information. Sniffers can be hardware or software. Sniffing is also called wiretapping: just as a third person can bug a telephone line to listen in on a conversation, an attacker who sniffs is listening in on a network.










Types of Sniffing 

There are two types of sniffing:
  • Active Sniffing
  • Passive Sniffing

Active Sniffing:

In active sniffing, the attacker can lock, monitor and also alter the data packets in some way. Active sniffing is used to sniff a switch-based network. It involves injecting address resolution packets into the target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.

Active Sniffing Techniques

  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • ARP Poisoning
  • Spoofing Attacks
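
A defender's view of the CAM table flooding (MAC flooding) described above, as an added example that is not part of the original post: a sliding-window check that flags a switch port when too many distinct source MAC addresses show up on it in a short time. The event tuples, port names, window and threshold are constructed assumptions.

```python
from collections import Counter, defaultdict, deque


def detect_mac_flood(events, window_ms=5000, max_macs=8):
    """Flag ports that show more than max_macs distinct source MACs
    inside any window_ms span. Returns {port: (alert_ms, distinct_macs)}."""
    recent = defaultdict(deque)    # port -> (ts, mac) observations in the window
    counts = defaultdict(Counter)  # port -> how often each MAC is in the window
    alerts = {}
    for ts, port, mac in sorted(events):
        mac = mac.lower()          # MAC notation is case-insensitive
        q, c = recent[port], counts[port]
        q.append((ts, mac))
        c[mac] += 1
        # Drop observations that have aged out of the sliding window.
        while ts - q[0][0] > window_ms:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > max_macs and port not in alerts:
            alerts[port] = (ts, len(c))  # record the first crossing only
    return alerts


def sample_events():
    """Constructed sample: (milliseconds, switch port, source MAC)."""
    ev = []
    # Gi0/1: a single workstation.
    ev += [(t * 1000, "Gi0/1", "00:11:22:33:44:55") for t in range(10)]
    # Gi0/2: four hosts behind a small downstream switch.
    ev += [(t * 1000, "Gi0/2", f"00:aa:bb:cc:dd:{t % 4:02x}") for t in range(10)]
    # Gi0/3: a new source MAC every 100 ms, the pattern a CAM flood produces.
    ev += [(2000 + i * 100, "Gi0/3", f"02:00:00:00:00:{i:02x}") for i in range(50)]
    # Gi0/4: twelve MACs over two minutes, slow churn rather than a flood.
    ev += [(i * 10000, "Gi0/4", f"00:de:ad:00:00:{i:02x}") for i in range(12)]
    return ev


if __name__ == "__main__":
    for port, (ts, n) in detect_mac_flood(sample_events()).items():
        print(f"{port}: {n} distinct source MACs in window at t={ts} ms")
```

Only the flooding port is reported; the port with several legitimate hosts and the port with slow MAC churn stay below the threshold because old observations expire from the window.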

Passive Sniffing:

In passive sniffing the packets can be monitored but cannot be altered in any way. It works with hub devices. On a hub, traffic is sent to all the ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic, so an attacker can capture the traffic going through. Today, however, most modern networks use switches, so passive sniffing is no longer effective.








Sniffing Tools 


  • BetterCAP
  • Ettercap
  • Wireshark
  • Tcpdump
  • WinDump

Protocols that are vulnerable to sniffing attacks


HTTP - It sends information in plain text and is therefore a real target.

SMTP - It is used in transferring emails.

NNTP - It is used in all types of communication and sends data in plain text.

POP - It is used to receive emails from servers.

FTP - It is used in sending and receiving files.

IMAP - Same as SMTP but more vulnerable.

Telnet - Sends everything (usernames, passwords, keystrokes) over the network in plain text.



