
Sniffing and its Types

Network sniffing is the process of employing a software program or hardware device to capture every data packet moving across a network (Mitchell, 2021). Sniffing allows ethical hackers to learn a great deal about a network’s operation and the behavior of its users, information that may be utilized to strengthen a company’s cybersecurity.

However, when employed by malicious hackers, sniffing can be used to launch devastating attacks against unsuspecting targets. This article will look at what sniffing is, how it can be used for harm, and how sniffing attacks can be prevented.

What are Sniffing Attacks?

Sniffing attacks are data thefts carried out by capturing network traffic with packet sniffers, which can unlawfully access and read any data that is not encrypted. Data packets are intercepted as they move across a computer network. The tools or media used to conduct a sniffing attack and capture the network data packets are known as packet sniffers, also called “network protocol analyzers.” Hackers will have access to the data unless the packets are encrypted with sufficient network security. Various packet sniffers exist, including Wireshark, Dsniff, and Etherpeek.

Examples of Sniffing Attacks

Some examples of sniffing attacks are:

  • Spoofing attacks
  • DHCP attacks
  • DNS poisoning
  • JavaScript card sniffing attacks

Types of Sniffing Attacks

Broadly, sniffing attacks are classified into 2 categories:

Active Sniffing attacks

Active sniffing attacks mainly refer to attacks triggered by injecting Address Resolution Protocol (ARP) packets into a network to flood the switch’s content addressable memory (CAM) table. The traffic redirected as a result allows the attacker to sniff legitimate traffic from the switch.

Passive Sniffing attacks

This kind of sniffing usually occurs at a hub. In contrast to active sniffing, a sniffing device can be connected directly to the hub to easily extract the data packets. However, hubs are hardly used these days, and hence passive sniffing attacks are rarely reported.

There are various types of sniffing attacks, such as:

  • LAN Sniff – The sniffer attacks the internal LAN and scans the entire IP range, gaining access to live hosts, open ports, server inventory, etc. A port-specific vulnerability attack happens in LAN sniffing.
  • Protocol Sniff – These sniffer attacks are based on the network protocol used, such as ICMP, UDP, Telnet, PPP, DNS, or other protocols.
  • ARP Sniff – ARP poisoning or packet spoofing attacks are carried out using captured data to create a map of IP addresses and their associated MAC addresses.
  • TCP Session stealing – To track and gather information about the traffic between the source and destination IP addresses, TCP session theft is employed. Hackers steal all information, including the port number, service type, TCP sequence numbers, and data.
  • Application-level sniffing – Applications running on the server are attacked to plan an application-specific attack.
  • Web password sniffing – HTTP sessions created by users are stolen by sniffers to get the user ID, password, and other sensitive information.
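
From the defender's side, the ARP injection described under active sniffing and the IP-to-MAC mapping described under ARP Sniff both show up as ARP packets that contradict bindings seen earlier. The following is an added example, not code from the original article: it parses raw Ethernet/ARP frames and flags such contradictions. The MAC and IP addresses, the alert names, and the build_arp helper are constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806
# Constructed sample addresses (locally administered MACs, RFC 5737 IPs).
GW, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return _mac(frame[6:12]), op, _mac(frame[22:28]), sender_ip

def detect(frames):
    """Return alerts for ARP senders that contradict earlier IP-to-MAC bindings."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP: ignore
        eth_src, _op, smac, sip = parsed
        if eth_src != smac:  # ARP payload disagrees with the Ethernet header
            alerts.append((n, "src-mismatch", sip, smac))
        if bindings.setdefault(sip, smac) != smac:  # IP now claimed by another MAC
            alerts.append((n, "binding-changed", sip, smac))
    return alerts

def build_arp(eth_src, op, smac, sip, tmac, tip):
    """Build a constructed 42-byte broadcast ARP frame for the sample below."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    ipb = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, 0x0800, 6, 4, op)
    return b"\xff" * 6 + hx(eth_src) + hdr + hx(smac) + ipb(sip) + hx(tmac) + ipb(tip)

SAMPLE = [  # constructed capture, not real traffic
    build_arp(GW, 2, GW, "192.0.2.1", HOST, "192.0.2.10"),        # gateway reply
    build_arp(HOST, 1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(ROGUE, 2, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),  # second MAC claims gateway IP
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Legitimate binding changes, such as a DHCP lease moving to a new device, raise the same alert, so results should be checked against known address assignments.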
