sniffing attacks
4
Jun

What are Sniffing Attacks and their types?

Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers. Packet Sniffers are used by network administrators to keep track of data traffic passing through their network. These are called network protocol analyzers. In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.  

Data packets captured from a network are used to extract and steal sensitive information such as passwords, usernames, credit card information, etc. Attackers install these sniffers in the system in the form of software or hardware. There are different types of sniffing tools used and they include Wireshark, Ettercap, BetterCAP, Tcpdump, WinDump, etc. 

The Difference Between Sniffing and Spoofing 

In sniffing, the attacker listens into a networks data traffic and captures data packets using packet sniffers. In spoofing, the attacker steals the credentials of a user and uses them in a system as a legitimate user. Spoofing attacks are also referred to as man-in-themiddle attacks since the attacker gets in the middle of a user and a system. 

Types of Sniffing 

There are two types of sniffing attacks, active sniffing and passive sniffing. 

  • Active sniffing – this is sniffing that is conducted on a switched network. A switch is a device that connects two network devices together. Switches use the media access control (MAC) address to forward information to their intended destination ports. Attackers take advantage of this by injecting traffic into the LAN to enable sniffing. 
  • Passive sniffing – passive sniffing uses hubs instead of switches. Hubs perform the same way as switches only that they do use MAC address to read the destination ports of data. All an attacker needs to do is to simply connect to LAN and they are able to sniff data traffic in that network. 

Sniffing is detrimental to the user or a network system since a hacker can sniff the following information: email traffic, FTP passwords, web traffics, telnet passwords, router configuration, chat sessions, DNS traffic, etc. 

How to Prevent Sniffing Attacks 

Untrusted networks: users should avoid connecting to unsecured networks, which includes free public Wi-Fi. These unsecured networks are dangerous since an attacker can deploy a packet sniffer that can sniff the entire network. Another way an attacker can sniff network traffic is by creating their own fakefree public Wi-Fi. 

Encryption: Encryption is the process of converting plaintext into gibberish in order to protect the message from attackers. Before leaving the network, the information should be encrypted to protect it from hackers who sniff into networks. This is achieved through the use of a virtual private network (VPN). 

Network scanning and monitoring: Network administrators should scan and monitor their networks to detect any suspicious traffic. This can be achieved by bandwidth monitoring or device auditing.  

In information security, ethical hackers also use sniffing techniques to acquire information that could help them penetrate a system. If used by professionals like ethical hackers, packet sniffers could help in identifying a system’s vulnerabilities. 

Becoming a Certified Ethical Hacker (CEH) would put you on the front lines of being able to detect and mitigate these sniffing attacks, thereby keeping the network safe. You would learn all the techniques and tools hackers use to compromise systems, then use those same tools and techniques against the bad guys to help protect your clients.

 

FAQs

How is packet sniffing used for attacking?
Packet sniffing, a network attack strategy, captures network traffic at the Ethernet frame level. After capture, this data can be analyzed and sensitive information can be retrieved. Such a network attack starts with a tool such as Wireshark.
What is WIFI attack?

The vulnerability, KRACK (short for Key Reinstallation Attacks), tricks a wireless access point into reusing an in-use encryption key, allowing the attacker to decrypt and read data that was meant to stay encrypted.

Can WiFi traffic be intercepted and read by anyone?

Yes, just like any non-encrypted wifi traffic your packets can be analyzed. If you are going through a cellular network then you have more protection, but if anyone has the tools they can read that traffic too.

get certified from ec-council
Write for Us
eccouncil track