Network Sniffing

Network sniffing involves monitoring and recording network traffic passing through a device. It can be done actively by interacting with the network or passively by just observing traffic. Sniffers are used both legitimately by network administrators to troubleshoot issues and illegitimately by attackers to steal sensitive information like passwords. Different types of sniffers target specific parts of network traffic like MAC addresses, protocols, or IP addresses. While sniffers have valid uses, they also enable cybercrimes when used by hackers to intercept unencrypted data.

Uploaded by Dr. Suman Rani

Network Sniffing

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000


Sniffing
• Sniffing is used to continuously monitor and record all data packets that pass through a network.
• Network and system administrators employ sniffers to monitor and troubleshoot network traffic.
• Attackers use sniffers to capture data packets carrying sensitive passwords and account information.
• Sniffers are implemented as hardware or software in the system. A hostile intruder can gather and analyse all network traffic by using a packet sniffer in promiscuous mode on a network.
• A packet sniffer is another term for a network sniffer. It is called a packet sniffer because every packet of data passing through the network is sniffed in order to avoid network-related issues.
• Packet sniffer tools are used to investigate cybercrime, hackers, and data theft. They can be employed for both ethical and unethical reasons.
Active Sniffing
• Active sniffing is sniffing carried out on a switch. A switch is a network device that provides a connection between two points.
• The switch controls the flow of data between its ports by continuously checking the MAC address on each port, ensuring that data is sent to the correct destination.
• Sniffers actively inject traffic into the LAN to monitor communication between targets and enable traffic sniffing. Active sniffing is done in a variety of ways.

Passive Sniffing
• In passive sniffing, the attacker does not interact with the target.
• They connect to the network and collect the packets sent and received on the network, including the packets exchanged between two devices.
• This sniffing is done through a hub. An attacker connects their PC to the hub. The attacker only needs a LAN account.

Types of Network Sniffers
• MAC sniffers − Sniff data relevant to a MAC address filter.
• Protocol sniffers − Sniff the data on the network by network protocol.
• LAN sniffers − Primarily employed in internal systems or networks; they can inspect an entire range of IP addresses.
• IP sniffers − Sniff all data relevant to a specific IP filter and record the data packets for analysis and diagnosis. IP sniffers capture network traffic and log the information, generally delivered in a human-readable format for analysis. They may be used by network administrators and hackers of all stripes to assess the current condition of a network, identify network vulnerabilities, and evaluate network performance.

TCP/IP Protocol Suite 5


Contd..
• ARP sniffers − In this kind of sniffing, packets are not sent only to the host and passed on to the network administrator; instead, packets are sent to the ARP caches of both network hosts. It also allows attackers to map IP addresses to MAC addresses and to carry out packet spoofing, poisoning, and other attacks.
• Password sniffers − A technique for extracting information from network traffic to harvest passwords. Hackers use it to target sessions and steal credentials and other information. Websites that do not use SSL encryption to protect themselves are vulnerable to attack and exploitation.
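
A defender's view of the ARP cache poisoning described in the ARP sniffers bullet, as an added example that is not part of the original slides: a passive monitor that decodes ARP frames and flags a changed IP-to-MAC binding, an unsolicited reply, or a sender-address mismatch. The class name, alert labels and sample frames are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(frame[6:12]), "oper": oper,
            "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32]),
            "tpa": _ip(frame[38:42])}

class ArpMonitor:
    """Tracks IP-to-MAC bindings and returns events that deserve review."""
    def __init__(self):
        self.bindings = {}      # sender IP -> MAC last claimed for it
        self.requested = set()  # IPs some host has sent a request for

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None:
            return []
        alerts = []
        if p["eth_src"] != p["sha"]:            # frame header and ARP body disagree
            alerts.append(("sender-mismatch", p["spa"]))
        if p["oper"] == 1:                      # request: remember who was asked for
            self.requested.add(p["tpa"])
        elif p["oper"] == 2:                    # reply
            if p["spa"] not in self.requested:  # nobody asked (can be benign failover)
                alerts.append(("unsolicited-reply", p["spa"]))
            self.requested.discard(p["spa"])
        old = self.bindings.get(p["spa"])
        if old is not None and old != p["sha"]: # same IP now claimed by another MAC
            alerts.append(("binding-changed", p["spa"], old, p["sha"]))
        self.bindings[p["spa"]] = p["sha"]
        return alerts

# Constructed sample frames (documentation-range IPs, locally administered MACs).
HDR = "0806" "0001" "0800" "06" "04"  # ethertype, htype, ptype, hlen, plen
SAMPLE = [bytes.fromhex(h) for h in (
    "ffffffffffff" "020000000010" + HDR + "0001" "020000000010" "c000020a" "000000000000" "c0000201",
    "020000000010" "020000000001" + HDR + "0002" "020000000001" "c0000201" "020000000010" "c000020a",
    "020000000010" "020000000066" + HDR + "0002" "020000000066" "c0000201" "020000000010" "c000020a",
)]

def run(frames):
    mon = ArpMonitor()
    return [alert for f in frames for alert in mon.observe(f)]
```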

Use of Network Sniffers
• Hackers primarily employ network sniffers to gather passwords and other sensitive information. The sniffer decodes data in packets travelling from source to destination, between client and server, or between organisations.
• They act as middlemen and employ a packet injection attack to grab the data. Sniffers also serve administrators: for example, a network sniffer can track down someone using too much bandwidth at a university or company by monitoring network traffic. They are also used to detect security vulnerabilities in a system.

• Today, however, black hat hacking is a widespread application for them. In the wrong hands, network sniffing tools can allow anyone with little to no hacking expertise to monitor network traffic across unsecured WiFi networks and steal passwords and other sensitive data.
• This can give network sniffing tools a bad name, yet network sniffers have many valid purposes.
