Sniffing and Evasion

12/4/2020

sniff

Data packets captured from a network are used to extract and steal sensitive information such as passwords, usernames, credit card information, etc.

The Difference Between Sniffing and Spoofing

There are different types of sniffing tools used and they include Wireshark, Ettercap, BetterCAP, Tcpdump, WinDump, etc.

Sniffing: the attacker listens into a networks data traffic and captures data packets using packet sniffers.
Spoofing: the attacker steals the credentials of a user and uses them in a system as a legitimate user. Spoofing attacks are also referred to as man-in-the–middle attacks since the attacker gets in the middle of a user and a system.

Types of Sniffing

There are two types of sniffing attacks, active sniffing and passive sniffing.

Active sniffing

Active Sniffing is conducted on a switched network. A switch is a device that connects two network devices together. Switches use the media access control (MAC) address to forward information to their intended destination ports. Attackers take advantage of this by injecting traffic into the LAN to enable sniffing.

Passive sniffing

Passive sniffing uses hubs instead of switches. Hubs perform the same way as switches only that they do use MAC address to read the destination ports of data. All an attacker needs to do is to simply connect to LAN and they are able to sniff data traffic in that network.

Sniffing is detrimental to the user or a network system since a hacker can sniff the following information: email traffic, FTP passwords, web traffics, telnet passwords, router configuration, chat sessions, DNS traffic, etc.

How to Prevent Sniffing Attacks

Untrusted networks: users should avoid connecting to unsecured networks, which includes free public Wi-Fi. These unsecured networks are dangerous since an attacker can deploy a packet sniffer that can sniff the entire network. Another way an attacker can sniff network traffic is by creating their own fake–free public Wi-Fi.

Encryption: Encryption is the process of converting plaintext into gibberish in order to protect the message from attackers. Before leaving the network, the information should be encrypted to protect it from hackers who sniff into networks. This is achieved through the use of a virtual private network (VPN).

Network scanning and monitoring: Network administrators should scan and monitor their networks to detect any suspicious traffic. This can be achieved by bandwidth monitoring or device auditing.

In information security, ethical hackers also use sniffing techniques to acquire information that could help them penetrate a system. If used by professionals like ethical hackers, packet sniffers could help in identifying a system’s vulnerabilities.