What is Sniffing? How does it work? Types of sniffing

Sniffing

Sniffing is the process of using a sniffer tool to monitor and capture all packets passing through a given network. It is comparable to tapping a phone line to listen in on a conversation, and is also called wiretapping applied to computer networks.
If a group of enterprise switch ports is left open, it is quite possible for an employee to eavesdrop on the entire network's traffic. Anyone who is physically in the same location can plug into the network with an Ethernet cable, or connect to it wirelessly, and sniff all of the traffic.

In other words, sniffing exposes all sorts of traffic, both protected and unprotected. Under the right conditions, and with the right protocols in use, an attacker may be able to gather information that can be used for further attacks or to cause other problems for the network or system owner.

What can be sniffed?

One can sniff the following sensitive information from a network −
  • Email traffic
  • FTP passwords
  • Web traffic
  • Telnet passwords
  • Router configuration
  • Chat sessions
  • DNS traffic

How it works

The sniffer usually switches the NIC of the system into promiscuous mode so that it listens to all the data sent on its segment.

Promiscuous mode is a mode of Ethernet hardware, in particular the NIC (network interface card), that allows the NIC to receive all traffic on the network, even traffic that is not addressed to it. By default, the NIC ignores all traffic that is not addressed to it by comparing the destination address of the Ethernet packet with the device's hardware address (a.k.a. MAC). This default makes sense for normal networking, but non-promiscuous mode makes it difficult to diagnose connectivity problems or do traffic accounting with network monitoring and analysis software.
A sniffer can continuously monitor all traffic reaching the computer through the NIC by decoding the information encapsulated in the packets.
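Because a sniffer normally has to put the NIC into promiscuous mode, the flag itself is something a defender can check for on a host. The following is an added example, not code from the original post: it assumes a Linux host, where the kernel exposes each interface's flags as a hex string in `/sys/class/net/<iface>/flags` and `IFF_PROMISC` is `0x100`; the function names are illustrative.

```python
#!/usr/bin/env python3
"""List Linux network interfaces whose promiscuous flag is set."""
import os
import sys

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # NIC accepts all frames, not only its own (linux/if.h)


def parse_flags(text):
    """Parse the hex string found in /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)


def scan_interfaces(sysfs_root="/sys/class/net"):
    """Return {iface: {"up": bool, "promisc": bool}} for each readable interface."""
    results = {}
    if not os.path.isdir(sysfs_root):
        return results  # not Linux, or sysfs is not mounted
    for iface in sorted(os.listdir(sysfs_root)):
        flags_path = os.path.join(sysfs_root, iface, "flags")
        try:
            with open(flags_path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # entry vanished, is not an interface, or is unreadable
        results[iface] = {"up": bool(flags & IFF_UP),
                          "promisc": is_promiscuous(flags)}
    return results


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Names of interfaces currently accepting frames not addressed to them."""
    return [n for n, st in scan_interfaces(sysfs_root).items() if st["promisc"]]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/sys/class/net"
    hits = promiscuous_interfaces(root)
    for name in hits:
        print(f"{name}: promiscuous mode is ON")
    if not hits:
        print("no interface is in promiscuous mode")
    sys.exit(1 if hits else 0)
```

A hit is a lead to investigate rather than proof of sniffing: interfaces attached to a software bridge are legitimately promiscuous. The check also only covers the host it runs on, so it says nothing about other machines on the segment.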

Types of Sniffing

Sniffing can be either Active or Passive in nature.

Passive Sniffing

With passive sniffing, traffic is captured but never altered. Passive sniffing allows listening only. It works with hub devices. On a hub, traffic is sent to all ports, so in a network that uses a hub to connect systems, traffic is visible to all hosts on the network. As a result, an attacker can easily capture the traffic.

The good news is that hubs are almost obsolete nowadays. Modern networks use switches, so passive sniffing is no longer effective.

Active Sniffing

In active sniffing, traffic is not only captured and monitored, it may also be altered in some way, as determined by the attack. Active sniffing is used to sniff switch-based networks. It involves injecting Address Resolution Protocol (ARP) packets into the target network to flood the content addressable memory (CAM) table of the switch. The CAM table keeps track of which host is connected to which port.

The following are active sniffing techniques −
  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • Spoofing Attacks
  • ARP Poisoning
