Sniffing - Ethical Hacking | NAHID HASAN TECHNOLOGY

Ethical Hacking - Sniffing

Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of "tapping phone wires" to get to know the conversation. It is also called wiretapping applied to computer networks.
There is a real risk that if a set of enterprise switch ports is left open, then one of the employees can sniff the whole traffic of the network. Anyone in the same physical location can plug into the network with a network cable, or connect wirelessly to that network, and sniff the total traffic.
In other words, sniffing allows you to see all sorts of traffic, both protected and unprotected. In the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.

What can be sniffed?
One can sniff the following sensitive information from a network −
  • Email traffic
  • FTP passwords
  • Web traffics
  • Telnet passwords
  • Router configuration
  • Chat sessions
  • DNS traffic
How it works
A person normally turns the NIC of the system to promiscuous mode so that it listens to all the data transmitted on its segment.

Promiscuous mode refers to the unique way of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet frame with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.
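As an added illustration (not part of the original post), here is a defender-side check for the mode just described on a Linux host: it reads the IFF_PROMISC bit from sysfs and replays the kernel's "entered/left promiscuous mode" messages. The log lines are constructed samples.

```python
import os
import re

# Linux sets this bit in /sys/class/net/<iface>/flags when promiscuous mode is on.
IFF_PROMISC = 0x100

# Kernel log line emitted when an interface changes promiscuous state.
PROMISC_RE = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def flags_are_promiscuous(flags_text: str) -> bool:
    """Interpret the hex flags string from /sys/class/net/<iface>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_from_sysfs(sys_root: str = "/sys/class/net") -> list:
    """Return names of interfaces whose flags currently carry IFF_PROMISC."""
    found = []
    if not os.path.isdir(sys_root):
        return found                      # not Linux, or no sysfs: nothing to report
    for iface in sorted(os.listdir(sys_root)):
        try:
            with open(os.path.join(sys_root, iface, "flags")) as f:
                if flags_are_promiscuous(f.read()):
                    found.append(iface)
        except OSError:
            continue                      # virtual entries without a flags file
    return found


def promiscuous_from_log(lines) -> list:
    """Replay kernel log lines; return interfaces still in promiscuous mode."""
    state = {}
    for line in lines:
        m = PROMISC_RE.search(line)
        if m:
            state[m.group(1)] = (m.group(2) == "entered")
    return sorted(iface for iface, on in state.items() if on)


# Constructed sample log lines for the demo (not a real capture).
SAMPLE_LOG = [
    "Mar  3 10:01:12 host kernel: device eth0 entered promiscuous mode",
    "Mar  3 10:01:20 host kernel: device eth1 entered promiscuous mode",
    "Mar  3 10:05:44 host kernel: device eth1 left promiscuous mode",
]

if __name__ == "__main__":
    print("promiscuous per sysfs:", promiscuous_from_sysfs())
    print("promiscuous per log  :", promiscuous_from_log(SAMPLE_LOG))
```

Treat the kernel log as the stronger signal: the sysfs flag reflects promiscuous mode set through the interface flags (ip link set dev X promisc on), while capture tools that enable it through a packet socket are logged but may not show the flag. Bridge ports and virtualization hosts are often legitimately promiscuous, so baseline before alerting.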


Types of Sniffing

Sniffing can be either Active or Passive in nature.

Passive Sniffing

In passive sniffing, the traffic is captured but it is not altered in any way. Passive sniffing allows listening only. It works with hub devices. On a hub device, the traffic is sent to all the ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture the traffic going through.

The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no longer effective on its own.

Active Sniffing
In active sniffing, the traffic is not only captured and monitored, but it may also be altered in some way as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting address resolution protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.

Following are the Active Sniffing Techniques −

  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • Spoofing Attacks
  • ARP Poisoning
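To make the CAM-table mechanism concrete, this added Python model (not code from the original post; the table size and per-port limit are assumed demo values) simulates a switch that learns source MACs, floods frames with unknown destinations, and shows how a per-port MAC limit (port security) keeps a burst of bogus addresses from pushing out legitimate entries.

```python
from collections import OrderedDict


class Switch:
    """Simplified switch: a bounded CAM table mapping MAC -> port.
    Evicting the oldest entry when full is a simplification for the demo."""

    def __init__(self, cam_capacity, max_macs_per_port=None):
        self.cam = OrderedDict()            # insertion order doubles as age
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.violations = []                # (port, mac) refused by port security

    def _macs_on_port(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def learn(self, src_mac, in_port):
        """Record src_mac on in_port; return False if port security refuses it."""
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)   # refresh the entry's age
            return True
        if (self.max_macs_per_port is not None
                and self._macs_on_port(in_port) >= self.max_macs_per_port):
            self.violations.append((in_port, src_mac))
            return False
        if len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)    # table full: drop the oldest entry
        self.cam[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port, ports):
        """Ports a frame goes out on: the one learned port, or a flood."""
        self.learn(src_mac, in_port)
        if dst_mac in self.cam:
            return [self.cam[dst_mac]]
        return [p for p in ports if p != in_port]   # unknown destination


def flood_demo(capacity=4, bogus_macs=10, protect=False):
    """Hosts A and B sit on ports 1 and 2; port 3 churns out bogus source MACs.
    Returns the port list a frame from A to B is delivered to afterwards."""
    sw = Switch(capacity, max_macs_per_port=1 if protect else None)
    ports = [1, 2, 3]
    sw.learn("aa:aa:aa:aa:aa:01", 1)
    sw.learn("aa:aa:aa:aa:aa:02", 2)
    for i in range(bogus_macs):                 # the CAM-exhaustion pattern
        sw.learn(f"de:ad:be:ef:00:{i:02x}", 3)
    return sw.forward("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", 1, ports)
```

With no port security the A-to-B frame ends up flooded to every other port, including the one the bogus addresses came from; with a one-MAC-per-port limit the legitimate entries survive and the frame reaches port 2 only.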
Protocols which are affected
Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several protocols lend themselves to easy sniffing −

  • HTTP − It is used to send information in the clear text without any encryption and thus a real target.
  • SMTP (Simple Mail Transfer Protocol) − SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.
  • NNTP (Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.
  • POP (Post Office Protocol) − POP is strictly used to receive emails from the servers. This protocol does not include any protection against sniffing, so its traffic can be captured.
  • FTP (File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.
  • IMAP (Internet Message Access Protocol) − IMAP is the same as SMTP in its functions, but it is highly vulnerable to sniffing.
  • Telnet − It sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.

Sniffers are not dumb utilities that only let you view live traffic. If you really want to analyze each packet, save the capture and review it whenever time allows.

Hardware Protocol Analyzers

Before we go into further details of sniffers, it is important that we discuss hardware protocol analyzers. These devices plug into the network at the hardware level and can monitor traffic without manipulating it.

  • Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed in the system.
  • They capture a data packet, decode it, and analyze its content according to certain rules.
  • Hardware protocol analyzers allow attackers to see individual data bytes of each packet passing through the cable.
Thanks for Reading✌✌✌