Sniffing Eavesdropping

Sniffing and eavesdropping involve unauthorized interception of data across networks, often for malicious purposes such as stealing sensitive information. Packet sniffing can be performed using tools like Wireshark and Tcpdump, and can be classified as active or passive. Mitigation strategies include encryption, VPNs, network segmentation, and regular audits to enhance data security.

Sniffing/Eavesdropping

Introduction
Sniffing and eavesdropping refer to the unauthorized interception of data as it
travels across a network. This can include various forms of communication, such
as emails, instant messages, and other data transmitted over the internet. The
primary goal of sniffing is to capture and analyse this data, often with malicious
intent, such as stealing sensitive information, login credentials, or confidential
business data.

Sniffing attacks are data thefts perpetrated by capturing network traffic with
packet sniffers, which can illegally access and read unencrypted data. The data
packets are collected when they pass through a computer network. The sniffing
devices or media used to perform this sniffing attack and collect network data
packets are known as packet sniffers.

How does packet sniffing work?

Network Interface in Promiscuous Mode:

• Network interfaces on computers and other network devices are typically
designed to accept only the packets addressed specifically to them.
• In promiscuous mode, the network interface is configured to accept all
packets on the network, regardless of the destination address. This mode
is essential for packet sniffing.

Capturing Packets:

• When a network interface is in promiscuous mode, it captures all the
packets passing through the network, including those not intended for the
device.
• The captured packets are then passed to a packet sniffing tool or software
for analysis.

Packet Sniffing Tools:

• Packet sniffing tools can be hardware devices or software applications
installed on a computer or network device.
• Examples of software-based packet sniffers include Wireshark, Tcpdump,
and bettercap.
• These tools allow users to view and analyse the content of each packet,
including its header and payload.

Packet Decoding:

• Once the packets are captured, the packet sniffing tool decodes the data
within each packet.
• The packet header contains information such as source and destination
addresses, packet type, and other metadata.
• The payload contains the actual data being transmitted, such as text,
images, or other application-specific information.

Analysis and Filtering:

• The packet sniffing tool provides users with the ability to filter and analyse
the captured packets based on various criteria.
• Users can focus on specific types of traffic, filter by source or destination
IP addresses, and even search for keywords within the packet payload.
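
The header/payload split described under Packet Decoding, as an added example that is not part of the original document: a Python decoder for one Ethernet/IPv4/TCP frame, plus a printable-ASCII heuristic (an assumption of this example) that flags payloads readable without decryption. The frame, addresses and both payloads are constructed sample data.

```python
import socket
import struct

def decode_frame(frame: bytes) -> dict:
    """Decode one Ethernet/IPv4/TCP frame into header fields and payload."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:              # this example decodes IPv4 only
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length; options make it > 20
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    out.update(src_ip=socket.inet_ntoa(ip[12:16]),
               dst_ip=socket.inet_ntoa(ip[16:20]), protocol=ip[9])
    tcp = ip[ihl:total_len]
    if ip[9] != 6 or len(tcp) < 20:      # protocol 6 = TCP
        return out
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4        # TCP header length, including options
    if not 20 <= data_off <= len(tcp):
        raise ValueError("inconsistent TCP data offset")
    out.update(src_port=sport, dst_port=dport, payload=tcp[data_off:])
    return out

def is_cleartext(payload: bytes) -> bool:
    """Heuristic: a mostly printable ASCII payload is readable on the wire."""
    if not payload:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return printable / len(payload) > 0.9

def build_frame(payload: bytes) -> bytes:
    """Constructed sample frame (documentation addresses, zero checksums)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("192.0.2.20"))
    return eth + ip + tcp + payload

# Constructed payloads: a plain HTTP request and a stand-in for an encrypted record.
HTTP_BODY = b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&pw=constructed"
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(range(0x80, 0x90))

if __name__ == "__main__":
    for body in (HTTP_BODY, TLS_RECORD):
        pkt = decode_frame(build_frame(body))
        print(pkt["src_ip"], "->", pkt["dst_ip"], pkt["dst_port"],
              "cleartext" if is_cleartext(pkt["payload"]) else "opaque")
```

Run over frames from an authorized capture, the same check lists which services on a network still send readable data and therefore need TLS or a VPN in front of them.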

The act of sniffing can be classified into two types: active and passive.

Passive Sniffing:

• Involves monitoring network traffic without actively participating in the
communication.
• Attackers can use tools to capture data packets flowing through the
network.

Active Sniffing:

• Requires the attacker to inject packets into the network actively.
• Can be more challenging to detect, as the attacker actively participates in
the communication process.

Methods Used for Packet Sniffing Attacks

When carrying out a packet sniffing attack, attackers may employ various
methods:

Password sniffing

As the name implies, its purpose is to obtain the victim’s password. Password
sniffing is a man-in-the-middle (MITM) cyberattack in which a hacker breaches
the connection and then steals the user’s password.

TCP session hijacking

Session hijacking takes over a web user session by secretly collecting the
session ID. Once the attacker has gained the user’s session ID, he or she can
masquerade as the authorized user and do anything the user is allowed to do on
the network.

DNS poisoning

DNS poisoning, sometimes referred to as DNS cache poisoning or DNS spoofing,
is a deceptive cyberattack in which hackers redirect internet traffic to phishing
websites or phony web servers.

JavaScript card sniffing attack

In a JavaScript sniffing attack, the attacker injects lines of code onto a website,
which subsequently harvests personal information entered by users into online
forms: generally, online store payment forms. Credit card numbers, names,
addresses, passwords, and phone numbers are the most targeted user data.

Address Resolution Protocol (ARP) sniffing

ARP poisoning refers to the technique of delivering false ARP messages across
a local area network (LAN). These attacks are designed to reroute traffic away
from its intended destination and towards an attacker.

Tools Used for Sniffing

Wireshark

Wireshark is a widely used open-source network protocol analyser. It allows
users to capture and inspect data packets on a network in real-time. Attackers
can deploy Wireshark to analyse the content of packets, potentially extracting
sensitive information.

Tcpdump

Tcpdump is a command-line packet analyser for Unix-based systems. It captures
and displays packet data in transit on a network. While primarily a diagnostic
tool, it can be misused for malicious purposes.

Bettercap

Bettercap is a comprehensive suite for man-in-the-middle attacks. It can
intercept, log, and analyse communication between two parties, making it a
potent tool for eavesdropping.

Mitigations for Sniffing/Eavesdropping

Encryption

Implementing strong encryption protocols for data in transit is a fundamental
mitigation measure. Technologies like TLS/SSL encrypt communication
channels, making it significantly harder for attackers to decipher intercepted
data.

VPNs (Virtual Private Networks)

VPNs create secure and encrypted tunnels for data transmission over the
internet. By using VPNs, individuals and organizations can enhance the
confidentiality and integrity of their data, preventing unauthorized
eavesdropping.

Network Segmentation

Dividing a network into segments or VLANs (Virtual Local Area Networks) can
limit the scope of sniffing attacks. It adds an additional layer of protection by
isolating sensitive data and reducing the potential impact of an intrusion.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

Deploying IDS and IPS tools can help detect and prevent unauthorized access
and malicious activities on a network. These systems can identify unusual
patterns in network traffic indicative of sniffing attempts and take appropriate
action.

Regular Audits and Monitoring

Frequent network audits and monitoring can help identify any unusual or
suspicious activities. By monitoring network traffic and system logs, one can
detect and respond to potential sniffing attempts in a timely manner.
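
One monitoring check for the ARP poisoning described earlier, as an added example that is not part of the original document: it compares two snapshots of a Linux host's neighbour table (`ip neigh show` output) and reports IP addresses whose MAC changed and MACs that claim more than one IP. The snapshots, addresses and finding labels are constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Matches resolved entries of `ip neigh show`, e.g.
# "192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE"
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text: str) -> dict:
    """Return {(dev, ipv4): mac}; FAILED/INCOMPLETE and IPv6 entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and ipaddress.ip_address(m[1]).version == 4:
            table[(m[2], m[1])] = m[3].lower()
    return table

def arp_findings(previous: dict, current: dict) -> list:
    """Compare two snapshots and report bindings worth investigating."""
    findings = []
    for (dev, ip), mac in sorted(current.items()):
        old = previous.get((dev, ip))
        if old and old != mac:               # same IP now answers from another MAC
            findings.append(("mac-changed", ip, old, mac))
    owners = defaultdict(set)
    for (dev, ip), mac in current.items():
        owners[(dev, mac)].add(ip)
    for (dev, mac), ips in sorted(owners.items()):
        if len(ips) > 1:                     # one MAC claims several IPs
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings

# Constructed snapshots (documentation addresses, locally administered MACs).
BASELINE = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.0.2.20 dev eth0 lladdr 02:00:00:00:00:14 STALE
192.0.2.30 dev eth0  FAILED
fe80::1 dev eth0 lladdr 02:00:00:00:00:01 router STALE
"""
LATER = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.0.2.20 dev eth0 lladdr 02:00:00:00:00:14 REACHABLE
192.0.2.66 dev eth0 lladdr 02:00:00:00:00:66 STALE
"""

if __name__ == "__main__":
    for finding in arp_findings(parse_neigh(BASELINE), parse_neigh(LATER)):
        print(finding)
```

Both findings also have benign causes, such as a replaced network card, gateway failover or a router with several addresses, so they are leads for review, not verdicts.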