What is Sniffing: Advanced Hacking course full definition
Sniffing
Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” to learn about the conversation, which is why it is also called wiretapping applied to computer networks.
There is a real possibility that if a set of enterprise switch ports is open, one of the employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network using an Ethernet cable, or connect wirelessly to that network, and sniff the total traffic.
In other words, sniffing allows you to see all sorts of traffic, both protected and unprotected. Under the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner. One can sniff the following sensitive information from a network:
- Email traffic
- FTP passwords
- Web traffic
Types of Sniffing
Sniffing can be either active or passive in nature.
Passive Sniffing
In passive sniffing, the traffic is captured but not altered in any way. Passive sniffing allows listening only. It works with hub devices. On a hub, the traffic is sent to all ports, so in a network that uses hubs to connect systems, every host on the network can see the traffic. Therefore, an attacker can easily capture the traffic going through.
The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no longer effective.
Active Sniffing
In active sniffing, the traffic is not only captured and monitored but may also be altered in some way, as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.
Following are the Active Sniffing Techniques:
- MAC Flooding
- DHCP Attacks
- DNS Poisoning
- Spoofing Attacks
- ARP Poisoning
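The two switch-level techniques described above, ARP poisoning and CAM-table (MAC) flooding, both leave a visible trace in the ARP traffic on the segment. The following added example (written for this page, not code from the original course) shows how a defender would watch for them passively: it parses raw Ethernet + ARP frames, keeps the IP-to-MAC bindings learned from ARP replies, raises an alert when an IP suddenly claims a new hardware address, and raises a second alert when the number of distinct source MACs on the segment crosses a threshold. The frames, addresses and the threshold of 5 are constructed sample values, and `build_arp_frame` exists only to fabricate them for the demo.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_frame(src_mac, opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet + ARP frame. Constructed sample data, not a real capture."""
    eth = struct.pack("!6s6sH", mac_bytes("ff:ff:ff:ff:ff:ff"), mac_bytes(src_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return (src_mac, opcode, sender_mac, sender_ip) for an ARP frame, else None."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, opcode, sha, spa, _tha, _tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return src.hex(":"), opcode, sha.hex(":"), ".".join(str(b) for b in spa)


class ArpMonitor:
    """Passive ARP watcher: flags IP-to-MAC binding changes and CAM-table pressure."""

    def __init__(self, flood_threshold=50):
        self.bindings = {}        # ip -> mac learned from ARP replies
        self.source_macs = set()  # distinct source MACs seen on the segment
        self.flood_threshold = flood_threshold
        self.alerts = []

    def feed(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        src_mac, opcode, sender_mac, sender_ip = parsed
        self.source_macs.add(src_mac)
        # A switch's CAM table holds a bounded number of MACs; a burst of new
        # source addresses is the signature of a MAC flooding attempt.
        if len(self.source_macs) == self.flood_threshold:
            self.alerts.append(f"MAC flooding suspected: {self.flood_threshold} distinct source MACs seen")
        if opcode == ARP_REPLY:
            known = self.bindings.get(sender_ip)
            if known is None:
                self.bindings[sender_ip] = sender_mac
            elif known != sender_mac:
                # The same IP now claims a different hardware address: the classic poisoning indicator.
                self.alerts.append(f"ARP poisoning suspected: {sender_ip} moved from {known} to {sender_mac}")


def run_demo(flood_threshold=5):
    """Feed constructed frames to the monitor and return the alerts it raised."""
    mon = ArpMonitor(flood_threshold)
    gateway_mac, rogue_mac = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed addresses
    frames = [
        build_arp_frame(gateway_mac, ARP_REPLY, gateway_mac, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.20"),
        build_arp_frame(rogue_mac, ARP_REPLY, rogue_mac, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.20"),
    ]
    for i in range(8):  # burst of requests from never-before-seen MACs
        m = f"02:aa:bb:cc:{i:02x}:00"
        frames.append(build_arp_frame(m, ARP_REQUEST, m, f"10.9.{i}.1", "00:00:00:00:00:00", "10.9.0.254"))
    for f in frames:
        mon.feed(f)
    return mon.alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The monitor only ever reads frames, so it can run on a mirror (SPAN) port without touching production traffic. In practice the threshold would be tuned to the segment's normal host count, and the alert on a changed binding would be compared against DHCP leases or an inventory before being treated as an incident, since a legitimately replaced network card produces the same signal.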
Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several protocols lend themselves to easy sniffing:
- HTTP: It sends information in clear text without any encryption and is thus a real target.
- SMTP (Simple Mail Transfer Protocol): SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.
- NNTP (Network News Transfer Protocol): It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.
- POP (Post Office Protocol): POP is strictly used to receive emails from servers. This protocol does not include protection against sniffing, and its traffic can be trapped.
- FTP (File Transfer Protocol): FTP is used to send and receive files, but it does not offer any security features. All data is sent as clear text that can be easily sniffed.
- IMAP (Internet Message Access Protocol): IMAP is the same as SMTP in its functions, but it is highly vulnerable to sniffing.
- Telnet: Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence can be easily sniffed.
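A practical first step for a network owner is to find out which of these cleartext protocols are still in use, so they can be migrated to their encrypted counterparts before anyone sniffs them. The following added example (not code from the original course) parses raw Ethernet/IPv4/TCP frames, classifies each flow by its well-known server port against the list above, and reports each client-to-server pair with the encrypted alternative to move to. The frames, IP addresses and ports are constructed sample data; `build_tcp_frame` exists only to fabricate them, and the alternative-port mapping is the conventional one for each protocol.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Cleartext protocols from the list above, keyed by their well-known server port,
# with the encrypted replacement a defender would migrate to.
CLEARTEXT_PORTS = {
    80: ("HTTP", "HTTPS on 443"),
    25: ("SMTP", "SMTP with STARTTLS or SMTPS on 465"),
    119: ("NNTP", "NNTPS on 563"),
    110: ("POP3", "POP3S on 995"),
    21: ("FTP", "SFTP on 22 or FTPS on 990"),
    143: ("IMAP", "IMAPS on 993"),
    23: ("Telnet", "SSH on 22"),
}


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left zero, not wire-valid)."""
    eth = struct.pack("!6s6sH", b"\x00" * 6, b"\x00" * 6, ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def parse_tcp(frame):
    """Return (src_ip, dst_ip, src_port, dst_port) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    if frame[23] != IPPROTO_TCP or len(frame) < 14 + ihl + 4:
        return None
    src_ip = ".".join(str(b) for b in frame[26:30])
    dst_ip = ".".join(str(b) for b in frame[30:34])
    src_port, dst_port = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src_ip, dst_ip, src_port, dst_port


def cleartext_inventory(frames):
    """Count frames per (client, server, protocol) whose server port is a cleartext protocol."""
    counts = Counter()
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src_ip, dst_ip, _src_port, dst_port = parsed
        if dst_port in CLEARTEXT_PORTS:
            counts[(src_ip, dst_ip, CLEARTEXT_PORTS[dst_port][0])] += 1
    return counts


def report(counts):
    """Render the inventory as one line per flow with the recommended encrypted alternative."""
    by_name = {name: alt for name, alt in CLEARTEXT_PORTS.values()}
    return [f"{src} -> {dst} {proto} x{n}: migrate to {by_name[proto]}"
            for (src, dst, proto), n in sorted(counts.items())]


def run_demo():
    """Constructed traffic: two HTTP requests, one Telnet session, one TLS flow, one non-IP frame."""
    frames = [
        build_tcp_frame("10.0.0.12", "10.0.0.5", 51000, 80, b"GET / HTTP/1.1\r\n"),
        build_tcp_frame("10.0.0.12", "10.0.0.5", 51001, 80),
        build_tcp_frame("10.0.0.30", "10.0.0.7", 52000, 23),
        build_tcp_frame("10.0.0.30", "10.0.0.5", 52001, 443),   # TLS: not flagged
        b"\xff" * 14 + b"\x00" * 28,                            # non-IPv4 frame: skipped
    ]
    return report(cleartext_inventory(frames))


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Classifying by port is a heuristic: a service on a non-standard port is missed, and HTTPS on 443 is treated as protected even though the port alone does not prove TLS is negotiated. For a real audit the same inventory is usually built from flow records or a saved capture rather than live frames, which matches the advice above to save the capture and review it later.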
Sniffers are not dumb utilities that only let you view live traffic. If you really want to analyze each packet, save the capture and review it whenever time allows.
Hardware Protocol Analyzers
Before we go into further details of sniffers, it is important to discuss hardware protocol analyzers. These devices plug into the network at the hardware level and can monitor traffic without manipulating it.
Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed on a system. They capture a data packet, decode it, and analyze its content according to certain rules.
Hardware protocol analyzers allow the operator to see the individual data bytes of each packet passing through the cable.
These hardware devices are not readily available to most ethical hackers because, in many cases, they are enormously expensive.
Lawful Interception
Lawful Interception (LI) is defined as legally sanctioned access to communications network data such as telephone calls or email messages. LI must always be carried out under a lawful authority for the purpose of analysis or evidence. Therefore, LI is a security process in which a network operator or service provider gives law enforcement officials permission to access the private communications of individuals or organizations.
Almost all countries have drafted and enacted legislation to regulate lawful interception procedures, and standardization groups are creating LI technology specifications. Usually, LI activities are undertaken for the purpose of infrastructure protection and cyber security. However, operators of private network infrastructures can maintain LI capabilities within their own networks as an inherent right, unless otherwise prohibited.
LI was formerly known as wiretapping and has existed since the inception of electronic communications.