![]() Also port specific traffic: http, ftp, telnet,… Forging ARP replies: intercept packets from target host(s) on the LAN intended for another host on the LAN: effective way of sniffing traffic on a switch Passive sniffing: determine the local gateway of an unknown network – Data link layer (Hub) Active Sniffing-Flood local network with random MAC addresses: switches will fail open in repeating mode, facilitating sniffing). This is no longer passive sniffing (Switch) Password sniffing: minimally parsing each application protocol, and saving the "interesting" pieces Sniffing HTTP traffic: output all requested URLs and do offline log analysis Capture URLs from a client to local web browser for display URL, updated in real-time: when the target surfs, the local browser surfs NETW4006-Lecture09 Sniffer Capabilities Watch all network traffic over any Network Interface Card (NIC) connected to the host machine: TCP, IP, UDP, ICMP, ARP, RARP. legitimate uses to monitor network performance or troubleshoot problems: network audit, demonstrate insecurity of plaintext network protocols Also used by hackers and crackers to gather information illegally about networks they intend to break into: passwords, IP addresses, credit card numbers, protocols being used on the network and other information (binary data into something intelligible) that will help the attacker infiltrate the network. The sniffer is a program/device that monitor data travelling over a network. ![]() ![]() Packet Sniffers Lecture 10 - NETW4006 NETW4006-Lecture09Ĭontent Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References NETW4006-Lecture09ĭefinition Packet sniffing: act of capturing data packets flowing across network.
0 Comments
Leave a Reply. |