Ethical Hacking – Sniffing

Last updated on Nov 22 2021
Deepali Gupta

Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” to learn about the conversation. It is also called wiretapping applied to computer networks.

There is a good chance that if a set of enterprise switch ports is open, one of the employees can sniff all the traffic on the network. Anyone in the same physical location can plug into the network using coaxial cable or connect wirelessly to that network and sniff all the traffic.

In other words, sniffing allows you to see all kinds of traffic, both protected and unprotected. Under the right conditions and with the right protocols in place, an attacking party may be able to gather information that can be used for further attacks or to cause other issues for the network or system owner.

What can be sniffed?

One can sniff the following sensitive information from a network −

  • Email traffic
  • FTP passwords
  • Web traffic
  • Telnet passwords
  • Router configuration
  • Chat sessions
  • DNS traffic

How it works

A sniffer normally turns the NIC of the system to promiscuous mode so that it listens to all the data transmitted on its segment.

Promiscuous mode refers to a special mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.

A sniffer can continuously monitor all the traffic to a computer through the NIC by decoding the information encapsulated in the data packets.
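
The destination-address comparison described above, together with a check a defender can run for interfaces left in promiscuous mode, as an added example that is not part of the original article. The function names and sample frames are constructed for illustration; the check assumes a Linux host that exposes interface flags under /sys/class/net/<name>/flags, and the filter model leaves multicast out.

```python
import os

IFF_PROMISC = 0x100                       # Linux interface flag bit for promiscuous mode
BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' into the 6 raw bytes used on the wire."""
    return bytes.fromhex(text.replace(":", ""))

def nic_accepts(frame, own_mac, promiscuous=False):
    """Model of the receive filter: is this frame passed up to the host?"""
    if len(frame) < 14:                   # no complete Ethernet header
        return False
    if promiscuous:                       # filter disabled: everything is kept
        return True
    dst = frame[:6]                       # destination address comes first
    return dst == own_mac or dst == BROADCAST   # multicast left out of the model

def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """List Linux interfaces whose flags word has IFF_PROMISC set."""
    found = []
    if not os.path.isdir(sysfs_root):     # not Linux, or sysfs not mounted
        return found
    for name in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)    # e.g. "0x1103"
        except (OSError, ValueError):
            continue
        if flags & IFF_PROMISC:
            found.append(name)
    return found

# Constructed sample frames: 6-byte destination, 6-byte source, EtherType, payload.
OWN = mac("02:00:00:00:00:01")
OTHER = mac("02:00:00:00:00:02")
SENDER = mac("02:00:00:00:00:03")
TO_US = OWN + SENDER + b"\x08\x00" + b"payload"
TO_OTHER = OTHER + SENDER + b"\x08\x00" + b"payload"
TO_ALL = BROADCAST + SENDER + b"\x08\x06" + b"payload"

if __name__ == "__main__":
    for label, frame in (("to us", TO_US), ("to other", TO_OTHER), ("broadcast", TO_ALL)):
        print(label, nic_accepts(frame, OWN), nic_accepts(frame, OWN, promiscuous=True))
    print("promiscuous interfaces:", promiscuous_interfaces())
```

An interface listed by promiscuous_interfaces() that no monitoring tool is expected to be using is worth investigating.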

Types of Sniffing

Sniffing can be either active or passive in nature.

Passive Sniffing

In passive sniffing, the traffic is captured but it is not altered in any way. Passive sniffing allows listening only. It works with hub devices. On a hub device, the traffic is sent to all the ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through.

The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no longer effective.

Active Sniffing

In active sniffing, the traffic is not only captured and monitored, but it may also be altered in some way as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting address resolution packets (ARP) into a target network to flood the switch content addressable memory (CAM) table. CAM keeps track of which host is connected to which port.

Following are the Active Sniffing Techniques −

  • MAC Flooding
  • DHCP Attacks
  • DNS Poisoning
  • Spoofing Attacks
  • ARP Poisoning
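
The hub and switch behaviour described under Passive Sniffing and Active Sniffing, modelled as an added example that is not part of the original article. It shows why a listener on a third port sees a whole conversation on a hub, only the first frame on a learning switch, and everything again once the CAM table has no free entry. The classes, addresses and table sizes are constructed for illustration, and the model leaves out entry ageing and VLANs.

```python
from collections import Counter

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)
    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Learning switch with a bounded CAM table (MAC address -> port)."""
    def __init__(self, ports, cam_size):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.cam = {}

    def forward(self, in_port, src, dst):
        # Learn the sender's port if it is known already or the table has room.
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = in_port
        out = self.cam.get(dst)
        if out is None:                   # unknown destination: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

    def macs_per_port(self):
        """Learned addresses per port, the figure an operator can watch."""
        return Counter(self.cam.values())

def frames_seen(device, frames, observer_port):
    """How many of the frames does the device deliver to observer_port?"""
    return sum(observer_port in device.forward(*frame) for frame in frames)

# Constructed conversation: host A on port 1, host B on port 2, observer on port 3.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
CONVERSATION = [(1, A, B), (2, B, A), (1, A, B), (2, B, A)]

def full_table_switch():
    """Switch whose two CAM slots were taken by addresses seen on port 3."""
    sw = Switch([1, 2, 3], cam_size=2)
    for n in (1, 2):
        sw.forward(3, "02:00:00:00:01:%02x" % n, "ff:ff:ff:ff:ff:ff")
    return sw

if __name__ == "__main__":
    print("hub:", frames_seen(Hub([1, 2, 3]), CONVERSATION, 3))
    print("switch:", frames_seen(Switch([1, 2, 3], cam_size=8), CONVERSATION, 3))
    print("full CAM:", frames_seen(full_table_switch(), CONVERSATION, 3))
```

In the full-table case macs_per_port() reports every learned address on a single port, which is the anomaly to alert on for a port that should serve one host.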

Protocols which are affected

Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several protocols lend themselves to easy sniffing −

  • HTTP − It is used to send information in clear text without any encryption and is thus a real target.
  • SMTP (Simple Mail Transfer Protocol) − SMTP is basically used in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.
  • NNTP (Network News Transfer Protocol) − It is used for all kinds of communications, but its main drawback is that data and even passwords are sent over the network as clear text.
  • POP (Post Office Protocol) − POP is strictly used to receive emails from the servers. This protocol does not include protection against sniffing because it can be trapped.
  • FTP (File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.
  • IMAP (Internet Message Access Protocol) − IMAP is the same as SMTP in its functions, but it is highly vulnerable to sniffing.
  • Telnet − Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.

Sniffers are not dumb utilities that allow you to view only live traffic. If you really want to analyze each packet, save the capture and review it whenever time allows.

Hardware Protocol Analyzers

Before we go into further details of sniffers, it is important that we discuss hardware protocol analyzers. These devices plug into the network at the hardware level and can monitor traffic without manipulating it.

  • Hardware protocol analyzers are used to monitor and identify malicious network traffic generated by hacking software installed in the system.
  • They capture a data packet, decode it, and analyze its content according to certain rules.
  • Hardware protocol analyzers allow attackers to see individual data bytes of each packet passing through the cable.

These hardware devices are not readily available to most ethical hackers due to their enormous cost in many cases.

Lawful Interception

Lawful Interception (LI) is defined as legally sanctioned access to communications network data such as telephone calls or email messages. LI should be in pursuance of a lawful authority for the purpose of analysis or evidence. Therefore, LI is a security process in which a network operator or service provider gives law enforcement officials permission to access private communications of individuals or organizations.

Almost all countries have drafted and enacted legislation to regulate lawful interception procedures; standardization groups are creating LI technology specifications. Usually, LI activities are taken for the purpose of infrastructure protection and cyber security. However, operators of private network infrastructures can maintain LI capabilities within their own networks as an inherent right, unless otherwise prohibited.

LI was formerly known as wiretapping and has existed since the inception of electronic communications.

Ethical Hacking – Sniffing Tools

There are many tools available to perform sniffing over a network, and they all have their own features to help a hacker analyze traffic and dissect the information. Sniffing tools are extremely common applications. We have listed here some of the interesting ones −

  • BetterCAP − BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real-time, sniff for credentials, and much more.
  • Ettercap − Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
  • Wireshark − It is one of the most widely known and used packet sniffers. It offers a tremendous number of features designed to assist in the dissection and analysis of traffic.
  • Tcpdump − It is a well-known command-line packet analyzer. It provides the ability to intercept and observe TCP/IP and other packets during transmission over the network. Available at www.tcpdump.org.
  • WinDump − A Windows port of the popular Linux packet sniffer tcpdump, which is a command-line tool that is perfect for displaying header information.
  • OmniPeek − Manufactured by WildPackets, OmniPeek is a commercial product that is the evolution of the product EtherPeek.
  • Dsniff − A suite of tools designed to perform sniffing with different protocols with the intent of intercepting and revealing passwords. Dsniff is designed for Unix and Linux platforms and does not have a full equivalent on the Windows platform.
  • EtherApe − It is a Linux/Unix tool designed to display graphically a system’s incoming and outgoing connections.
  • MSN Sniffer − It is a sniffing utility specifically designed for sniffing traffic generated by the MSN Messenger application.
  • NetWitness NextGen − It includes a hardware-based sniffer, along with other features, designed to monitor and analyze all traffic on a network. This tool is used by the FBI and other law enforcement agencies.

A potential hacker can use any of these sniffing tools to analyze traffic on a network and dissect information.
