Sniffing is a process in which all the packets passing through network are monitored/observed and captured using a packet sniffer tools.
Packet Sniffers are used by network administrators to keep track of data traffic passing through their network. These are called network protocol analyzers.
One can sniff following information from a network like
Email traffic, FTP passwords, web traffics, telnet passwords, router configuration, chat sessions, DNS traffic, etc.
Can also steal sensitive information such as passwords, usernames, credit card information.
There are following tools used in sniffing are Wireshark , Ettercap , BetterCAP , Tcpdump , WinDump , etc.
Types of Sniffing
There are two types of sniffing attacks, active sniffing and passive sniffing.
Passive Sniffing is used on a hub network instead of switch. In this data packets are intercepted and forwarded without any form of modification. Hub device will sent traffic to all port from which attacker can easily capture traffic.
It is less intrusive and has less chances of detection.
Active Sniffing is used on a switched network. Which means it not only monitored and captured the packets, but it also be used to alter/switch/modify the packet using MAC (media access control) to the destination depending on the attacker.
It is correspondingly more intrusive and has more chances of detection.
Following are the Active Sniffing Techniques −
Is protocol vulnerable to sniffing?
Some of the protocol which does not encrypt there data before transmitting through network are vulnerable, and can be attack using sniffing.
Telnet and Rlogin – Keystrokes including username and password
Http –Send data without any encryption
Smtp-This protocol use to transfer mail in clear text format.
Nntp – Password and data sent in clear text.
Pop- receive email from the server in clear text.
Ftp - Password and data sent in clear text
Imap- Password and data sent in clear text
How to Prevent Sniffing Attacks
Wiretapping- Tapping into physical transmission medium to detect anomalies.
Hardware Protocol Analyzer
Avoid Untrusted network
Network Scanning and monitoring
What is Spoofing Attack?
In spoofing, the attacker steals the credentials of a user using masquerading(i.e masking the attacker identity) and uses them in a system as a authenticate user. Spoofing attacks are also referred to as man-in-the–middle attacks since the attacker gets in the middle of a user and a system.
As the identities on a network are mainly categories in term of IP and MAC address,
Therefore two type of spoofing are-
It is a process in which hacker send the packet onto the network with the source IP address of normal user.
In this process, detection tool will considered the packet from genuine source and this packet will get bypass from firewall.
MAC address is a unique identifier that is assigned to a NIC (Network Interface Controller/ Card).
In this process, attacker scan the network to find out authenticated mac address of the user and change their mac address to that of users.
Which help them to mask there identity over the network.
Best learning portal that provides you great learning experience of various technologies with modern compilation tools and technique
Don't hesitate to give us a call or send us a contact form message