Ethical Hacking - Sniffing

Sniffing is the process of monitoring and capturing all data packets passing through a network. Network and system administrators use sniffers to monitor and troubleshoot network traffic.

Attackers use sniffers to capture data packets containing sensitive information such as passwords and account information.

There are two types of sniffing:

Active Sniffing: Active sniffing is used to sniff a switch-based network. In active sniffing, the attacker injects Address Resolution Protocol (ARP) packets into the target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.

The following are active sniffing techniques:

  • MAC Flooding

  • DHCP Attacks

  • Spoofing Attacks

  • ARP Poisoning
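
A defensive check for two of the techniques listed above, MAC flooding and ARP poisoning, as an added example that is not part of the original page: it flags a switch port that shows more source MAC addresses than an assumed limit, and an IP address announced in ARP replies by more than one MAC. The record layout, the threshold and the sample data are constructed for illustration.

```python
from collections import defaultdict

MAX_MACS_PER_PORT = 3  # assumed threshold, comparable to a port-security limit


def find_flooded_ports(frames, limit=MAX_MACS_PER_PORT):
    """Return {port: count} for ports where more than `limit` distinct source MACs appeared."""
    macs_by_port = defaultdict(set)
    for port, src_mac, _arp_ip in frames:
        macs_by_port[port].add(src_mac.lower())
    return {port: len(macs) for port, macs in macs_by_port.items() if len(macs) > limit}


def find_arp_conflicts(frames):
    """Return {ip: [macs]} for IPs whose ARP replies came from more than one MAC."""
    macs_by_ip = defaultdict(set)
    for _port, src_mac, arp_ip in frames:
        if arp_ip is not None:
            macs_by_ip[arp_ip].add(src_mac.lower())
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


# Constructed records: (switch_port, source_mac, sender_ip_if_ARP_reply_else_None)
SAMPLE_FRAMES = [
    ("Gi0/1", "00:11:22:33:44:01", "192.0.2.1"),   # gateway announces itself
    ("Gi0/2", "00:11:22:33:44:02", None),          # ordinary data frame
    ("Gi0/3", "00:11:22:33:44:03", "192.0.2.30"),  # host announces its own IP
    ("Gi0/3", "00:11:22:33:44:03", "192.0.2.1"),   # same host also claims the gateway IP
    ("Gi0/4", "02:00:00:00:00:01", None),
    ("Gi0/4", "02:00:00:00:00:02", None),
    ("Gi0/4", "02:00:00:00:00:03", None),
    ("Gi0/4", "02:00:00:00:00:04", None),          # fourth MAC seen on one access port
]

if __name__ == "__main__":
    print("Ports over MAC limit:", find_flooded_ports(SAMPLE_FRAMES))
    print("IPs claimed by several MACs:", find_arp_conflicts(SAMPLE_FRAMES))
```
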

Passive Sniffing: Passive sniffing is used to sniff a non-switched or unbridged network through a hub. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture the traffic passing through.

The following tools are used for packet sniffing:

Wireshark - A widely used network protocol analyzer for monitoring the network and the packet flows in it. It is free and runs on multiple platforms.

Tcpdump - It carries less security risk and requires few resources. On Windows it runs as WinDump.

Kismet - Used specifically for sniffing wireless networks, including hidden networks and SSIDs.