
Sniffing

Packet sniffing is the process of monitoring and capturing data packets on a network, allowing attackers to access sensitive information. It involves configuring a Network Interface Card (NIC) to promiscuous mode to listen to all traffic, and can be executed using tools like Wireshark. Both wired and wireless networks have specific methods for sniffing, with wireless networks requiring strong encryption due to vulnerabilities in protocols like WEP.

Uploaded by

lokilamentis

In the name of Allah, the Most Gracious, the Most Merciful

All praise is due to Allah, Lord of the worlds,
and blessings and peace be upon the Seal of the Prophets
Network Sniffing CEH

Packet Sniffing

Packet sniffing is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.

It allows an attacker to observe and access the entire network traffic from a given point.

Packet sniffing allows an attacker to gather sensitive information such as Telnet passwords, email traffic, syslog traffic, router configuration, web traffic, DNS traffic, FTP passwords, chat sessions, and account information.

How a Sniffer Works

A sniffer turns the NIC of a system to the promiscuous mode so that it listens to all the data transmitted on its segment.

[Figure: attacker PC running its NIC in promiscuous mode; the attacker forces the switch to behave as a hub. Labels: Switch, Internet.]


Sniffing Tools

Promiscuous mode: configuring a Network Interface Card (NIC) to capture all packets on the medium, irrespective of the destination hardware (MAC) address.
Not easy in Windows and Linux.
Kali:
To turn promiscuous mode on/off, e.g. for eth0 (or wlan0 for Wi-Fi):

sudo ip link set eth0 promisc on

To check status:

ip link show eth0

Packet capture and analysis tools: Wireshark
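
The status check above, turned into a host-side detection check (an added example, not part of the original slides): it reads each interface's kernel flags from /sys/class/net/<iface>/flags on Linux and tests the IFF_PROMISC bit (0x100). The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces whose kernel flags include IFF_PROMISC.
IFF_PROMISC=0x100   # bit value from <linux/if.h>

# promisc_ifaces [DIR]
# DIR is the sysfs network directory; it defaults to /sys/class/net and is a
# parameter only so the function can be run against a constructed tree.
promisc_ifaces() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*; do
        [ -r "$dir/flags" ] || continue
        read -r flags < "$dir/flags" || [ -n "$flags" ] || continue
        hex=${flags#0x}
        # Only feed a clean hex number to shell arithmetic.
        case $hex in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        if [ $(( 0x$hex & $IFF_PROMISC )) -ne 0 ]; then
            printf '%s\n' "${dir##*/}"
        fi
    done
}

# Constructed sample tree (not real host data): eth0 is UP|BROADCAST|MULTICAST
# (0x1003), wlan0 has the same flags plus IFF_PROMISC (0x1103).
make_sample_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/eth0" "$tmp/wlan0"
    echo 0x1003 > "$tmp/eth0/flags"
    echo 0x1103 > "$tmp/wlan0/flags"
    printf '%s\n' "$tmp"
}

# Run against the sample tree; call promisc_ifaces with no argument on a
# real Linux host to check its live interfaces.
sample=$(make_sample_tree) && promisc_ifaces "$sample"
rm -rf "$sample"
```

Reading the kernel flags is useful because promiscuous mode enabled by a capture tool through a packet socket is not reported as PROMISC by ip link show, while the flags file still carries the bit.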


Sniffing from Wired Network

Medium access in Ethernet: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) for shared medium

Ethernet Hubs: Flooding at physical layer

Ethernet Switches: MAC-based forwarding (except for broadcasts, which are flooded)

Port Mirroring: Configuration (on a router or switch) to copy a source port's traffic to another port

Sniffing on wired networks: By adding a physical tap or port mirroring

https://www.endace.com/learn/what-is-packet-sniffing
https://www.cbtnuggets.com/blog/technology/networking/what-is-port-mirroring

Sniffing from Wireless Networks

Medium access in WiFi:
CSMA/CA with RTS and CTS due to hidden node problem
(CA: Collision Avoidance; RTS: Request to Send; CTS: Clear to Send)

Any node in range can capture packets
Hence WiFi needs strong encryption

WPA (Wi-Fi Protected Access) protocol using encryption algorithms like AES/RC4 (more on this later)

WEP (Wired Equivalent Privacy) is vulnerable

Never share sensitive information on open WiFis
However, websites/services can use asymmetric encryption with certificates, e.g. HTTPS (more on this later)

https://doi.org/10.15439/2017F193
https://www.pynetlabs.com/csma-cd-vs-csma-ca/
