Sniffing Attack
Sniffing is the technique or process of capturing (sniffing) data packets over a network. It is historically associated with harvesting clear-text credentials transmitted during a login.
An actor who wants to sniff packets on a network puts a NIC (Network Interface Card) into promiscuous mode, which makes the NIC capture packets that are not specifically addressed to it.
Sniffing attacks can be divided into two subcategories:
1. Passive sniffing techniques are limited to listening, without any sort of injection or redirection of the traffic. They are particularly effective in networks in which the traffic is visible to all hosts.
2. Active techniques involve sniffing the traffic directly from a switch or redirecting it to controlled targets. In the first case, the attacker abuses ARP injection to flood the switch CAM (content-addressable memory). This causes the redirection of all the traffic to other ports, from which an attacker can intercept the packets that are passing through. The second type of active sniffing technique includes spoofing or DHCP attacks and DNS poisoning, which force the traffic to transit via specific and controlled targets before reaching the intended receiver.
A sniffer is a tool or a piece of code that lets you listen to or intercept the traffic on a target network. It can take different forms, be written in different languages, and perform different actions to let an attacker obtain the transmitted packets.
A sniffer usually also processes the intercepted data, passing it through a decoder or any other block that makes it human-readable or at least parsable.
Sniffing and spoofing are sometimes incorrectly used interchangeably, but they are very different.
Sniffing, as we already said, is the process of intercepting and viewing the network traffic. Spoofing is a process that allows an attacker to send packets or make requests over a network pretending to be someone else (e.g. MAC spoofing, IP spoofing).
The only effective way to mitigate sniffing attacks is to use strong message encryption and, when possible, a VPN. This enhances security and makes the messages difficult to decrypt.
Sniffing attacks can be easily detected by monitoring the network and scanning the whole environment. Since no network should be considered invulnerable, this type of best practice should be implemented in the IT security processes of every business.
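As an added example (not part of the original post), the sketch below shows two monitoring checks for the indicators described above: a local NIC in promiscuous mode and neighbour-table changes consistent with ARP injection. It assumes a Linux host, where interface flags are exposed under `/sys/class/net/<iface>/flags` and the ARP table is read with `ip neigh show`; all sample addresses and flag values are constructed.

```python
import re
from collections import defaultdict
from pathlib import Path

IFF_PROMISC = 0x100  # promiscuous-mode bit in the Linux interface flag word
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def promiscuous_interfaces(flags_by_iface):
    """Return names of interfaces whose hex flag word has IFF_PROMISC set."""
    return sorted(name for name, flags in flags_by_iface.items()
                  if int(flags, 16) & IFF_PROMISC)

def read_sysfs_flags(root="/sys/class/net"):
    """Read the flag word of every local interface (Linux only)."""
    return {p.name: (p / "flags").read_text().strip()
            for p in Path(root).iterdir() if (p / "flags").is_file()}

def parse_neigh(text):
    """Parse `ip neigh show` output into {ip: mac}; unresolved entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def arp_anomalies(before, after):
    """Return (IPs whose MAC changed, MACs answering for more than one IP)."""
    changed = {ip: (before[ip], mac) for ip, mac in after.items()
               if ip in before and before[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

# Constructed sample data: eth1 has the promiscuous bit set, and in the second
# snapshot the gateway IP 192.168.1.1 resolves to the MAC of host 192.168.1.66.
SAMPLE_FLAGS = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103"}
SNAP_BEFORE = """
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:00:00:50 STALE
192.168.1.66 dev eth0 lladdr 02:00:00:00:00:66 STALE
"""
SNAP_AFTER = """
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:00:00:50 STALE
192.168.1.66 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.1.77 dev eth0  FAILED
"""
```

The promiscuous check only covers the host it runs on, and a changed or shared MAC is a signal to investigate rather than proof, since failover pairs and proxy ARP produce the same pattern.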