The process of monitoring and capturing the packets which pass through a network is Sniffing. The tools used for this process are sniffing tools. The process is similar to that of “tapping phone wires” and try to know the conversation details, also termed as wiretapping for computer networks.
The whole traffic of the network can be sniffed by employees, if one of the switch ports is open. Ethernet cable can be used and can plug into the network in the same physical location and connect to that network and sniff the traffic.
All sorts of traffic – protected and unprotected can be made visible by sniffing. The attacking party can gather information and can use for further attacks or raise any other network issues.
The following sensitive information from a network can be sniffed -
The data transmitted to the segment is made to be listened by shifting the NIC of the system to promiscuous mode. Promiscuous mode refers to the unique way of Ethernet hardware, in particular, network interface cards (NICs), that allows an NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device.
On the other hand, non-promiscuous mode makes the usage of network monitoring and software analysis difficult for traffic accounting.
Through NIC all the traffic is continuously monitored by sniffer, by decoding the information from the data packets.
Sniffing is of two types - Active or Passive.
In passive sniffing, the traffic cannot be altered as the traffic is locked. One can only listen through passive sniffing. The traffic is sent to all the ports as it works on a hub device. An attacker can easily capture the traffic in the cases where network uses the hubs to connect systems.
The advantage is that the modern networks now-a-days uses switches and thus passive sniffing is left with no significance or effective.
In active sniffing, the traffic may be altered in some way as desired by the attacker since the traffic is not locked. Usually switch-based networks are sniffed by Active Sniffing.It involves injecting address resolution packets (ARP) into a target network to flood on the switch content addressable memory (CAM) table. CAM keeps track of which host is connected to which port.
Some of the techniques used for Active Sniffing are:
Some of the protocols like true TPC/IP are not designed in any security aspects and therefore does not offer any resistance to hacking. The protocols which are most likely to be affected by Sniffing are:
To be alert from sniffing, analyze each packet be saving and capturing and reviewing whenever time allows.
The devices which can be used to plug into the network at hardware level and thus monitor the traffic are known as Hardware protocol analyzers.
The devices are very expensive and hence are not much available to the ethical hackers.
The legally sanctioned access to the network data like telephone calls or email messages is Lawful Interception (LI). LI should always be from a lawful authority. The security process where official permission is given to a network operator or service provider to access the private communications or a person or individuals id LI.
The legislation to regulate the lawful interception is enacted by almost all the countries. LI are usually done for infrastructure protection and cyber security. Unless prohibited, the private network operators can maintain LI capabilities within their networks.
Since the inception of electronic communication, LI was in existence but was termed as wiretapping.
Ethical Hacking Related Interview Questions
|Networking Interview Questions||Android Interview Questions|
|CCNA Interview Questions||Routing Protcol Interview Questions|
|Firewall (computing) Interview Questions||Application Security Interview Questions|
|Cyber Security Interview Questions||TCP/IP Interview Questions|
|Owasp Interview Questions|
Ethical Hacking Tutorial
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.