Ethical Hacking Sniffing - Ethical Hacking

What is Ethical Hacking Sniffing?

Sniffing is the process of monitoring and capturing the packets that pass through a network; the tools used for it are called sniffing tools. It is comparable to “tapping phone wires” to learn the details of a conversation, which is why it is also termed wiretapping for computer networks.

An insider can sniff the whole traffic of a network if one of the switch ports is left open: an Ethernet cable plugged into that port from the same physical location connects the attacker's machine to the network and lets it capture the traffic.

Sniffing can expose all sorts of traffic, protected and unprotected. The attacking party can gather information from it and use that information for further attacks or to cause other problems on the network.

What can be sniffed?

The following sensitive information can be sniffed from a network:

  • Email traffic
  • FTP passwords
  • Web traffic
  • Telnet passwords
  • Router configuration
  • Chat sessions
  • DNS traffic

How does Sniffing work?

A sniffer listens to all data transmitted on the segment by switching the NIC of the system into promiscuous mode. Promiscuous mode is a special operating mode of Ethernet hardware, in particular network interface cards (NICs), in which the NIC receives all traffic on the network, even traffic not addressed to it. By default, a NIC ignores all traffic that is not addressed to it; it does this by comparing the destination address of each Ethernet frame with the hardware (MAC) address of the device.

Sniffing Networks

Conversely, a NIC in non-promiscuous mode sees only its own traffic, which makes network monitoring, protocol analysis and traffic accounting software much harder to use.

Through the promiscuous NIC, the sniffer continuously monitors all traffic and decodes the information carried in the data packets.
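To make the address filter described above concrete, here is an added example (not code from the original page) that models the decision a NIC makes in normal mode versus promiscuous mode on a few constructed Ethernet frames; all MAC addresses and payloads in it are made up.

```python
# Added example: a model of the Ethernet destination-address filter a NIC applies
# in normal (non-promiscuous) mode, run over constructed sample frames.
import struct

BROADCAST = bytes.fromhex("ffffffffffff")


def parse_frame(frame: bytes) -> dict:
    """Split a raw Ethernet II frame into destination MAC, source MAC, EtherType, payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst, "src": src, "ethertype": ethertype, "payload": frame[14:]}


def nic_accepts(frame: bytes, nic_mac: bytes, promiscuous: bool = False) -> bool:
    """True if a NIC with hardware address nic_mac would pass this frame up the stack.

    Normal mode: only frames addressed to the NIC itself, to the broadcast address,
    or to a group (multicast) address, signalled by the I/G bit of the first byte.
    Promiscuous mode: every frame on the segment, which is what a sniffer relies on.
    """
    dst = parse_frame(frame)["dst"]
    if promiscuous:
        return True
    is_group_address = bool(dst[0] & 0x01)
    return dst == nic_mac or dst == BROADCAST or is_group_address


def build_frame(dst_hex: str, src_hex: str, ethertype: int, payload: bytes) -> bytes:
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload


# Constructed sample data: our NIC's address and three frames seen on the wire.
MY_MAC = bytes.fromhex("001122334455")
FRAMES = {
    "to_me": build_frame("001122334455", "aabbccddeeff", 0x0800, b"IPv4 to this host"),
    "to_other": build_frame("66778899aabb", "aabbccddeeff", 0x0800, b"IPv4 to another host"),
    "broadcast": build_frame("ffffffffffff", "aabbccddeeff", 0x0806, b"ARP request"),
}


def visible_frames(promiscuous: bool) -> list:
    """Names of the sample frames a NIC with MY_MAC would deliver in the given mode."""
    return [name for name, f in FRAMES.items() if nic_accepts(f, MY_MAC, promiscuous)]


if __name__ == "__main__":
    print("normal mode     :", visible_frames(False))
    print("promiscuous mode:", visible_frames(True))
```

On a Linux host, an interface that has been put into this mode shows the PROMISC flag in the output of `ip link show`, which is the quickest local check for it.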

What are the different types of Sniffing?

Sniffing is of two types: active and passive.

Passive Sniffing

In passive sniffing, the traffic cannot be altered, because it is locked; one can only listen. It works on a hub device, which sends the traffic to all of its ports, so an attacker can easily capture the traffic wherever the network uses hubs to connect systems.

The advantage for defenders is that modern networks use switches, so passive sniffing of this kind is no longer significant or effective.

Active Sniffing

In active sniffing, the traffic is not locked and may be altered in some way as desired by the attacker. Switch-based networks are usually sniffed by active sniffing. It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table; the CAM table keeps track of which host is connected to which port.

Some of the techniques used for Active Sniffing are:

  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • Spoofing Attacks
  • ARP Poisoning

What are the Protocols which are affected by Sniffing?

Some protocols, such as TCP/IP itself, were not designed with security in mind and therefore offer no resistance to hacking. The protocols most likely to be affected by sniffing are:

  • HTTP − It sends information in clear text without any encryption and is thus a real target.
  • SMTP (Simple Mail Transfer Protocol) − SMTP is basically used to transfer emails. This protocol is efficient, but it does not include any protection against sniffing.
  • NNTP (Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.
  • POP (Post Office Protocol) − POP is strictly used to receive emails from servers. This protocol does not include protection against sniffing, so its traffic can be trapped.
  • FTP (File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.
  • IMAP (Internet Message Access Protocol) − IMAP is the same as SMTP in its functions, but it is highly vulnerable to sniffing.
  • Telnet − Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text, and hence it can be easily sniffed.

To stay alert to sniffing, capture and save the packets and analyze each one, reviewing them whenever time allows.

What are Hardware Protocol Analyzers?

Hardware protocol analyzers are devices that plug into the network at the hardware level and monitor the traffic from there.

  • Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed on a system.
  • They capture a data packet, decode it, and analyze its content according to certain rules.
  • Hardware protocol analyzers let the operator see the individual data bytes of each packet passing through the cable.

These devices are very expensive and hence not readily available to ethical hackers.

What is Lawful Interception?

Lawful Interception (LI) is legally sanctioned access to network data such as telephone calls or email messages. LI must always come from a lawful authority. It is the security process by which a network operator or service provider is given official permission to access the private communications of a person or of individuals.

Almost all countries have enacted legislation to regulate lawful interception. LI is usually done for infrastructure protection and cyber security. Unless prohibited, private network operators may maintain LI capabilities within their own networks.

LI has existed since the inception of electronic communication, but it was originally termed wiretapping.
