Sniffing
Sniffing is one of the most effective techniques in attacking a wireless network, whether it is used to map the network to gain information, to grab information, or to capture unencrypted data. Sniffers usually act as network probes or snoops, examining network traffic but not intercepting or altering it.
A sniffer, sometimes referred to as a network monitor or network analyser, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the sniffer, an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.
A sniffer simply captures all data packets that pass through a given network interface.
By placing a sniffer on a network in promiscuous mode, a malicious intruder can capture and analyse all of the network traffic. Within a given network, username and password information is generally transmitted in clear text, which means that the information would be viewable by analysing the packets being transmitted.
A sniffer can only capture packet information within a given subnet, so it is not possible for a malicious attacker to place a packet sniffer on their home ISP network and capture network traffic from inside your corporate network.
However, if one machine on the internal network becomes compromised through a trojan or other security breach, the intruder could run a sniffer from that machine and use the captured username and password information to compromise other machines on the network.
Types of Sniffing
Sniffing is of two types:
1. Active sniffing
2. Passive sniffing
Note: The terms active and passive sniffing have also been used to describe wireless network sniffing. They have analogous meanings. Passive wireless sniffing involves sending no packets and monitoring the packets sent by others. Active sniffing involves sending out multiple network probes to identify APs.
Active Sniffing
When sniffing is performed on a switched network, it is known as active sniffing.
Active sniffing relies on injecting packets into the network that cause traffic. Active sniffing is required to bypass the segmentation that switches provide. Switches maintain their own ARP cache in a special type of memory known as Content Addressable Memory (CAM), keeping track of which host is connected to which port.
Sniffers operate at the Data Link Layer of the OSI model. This means that they do not have to play by the same rules as applications and services that reside further up the stack. Sniffers can grab whatever they see on the wire and record it for later review. They allow the user to see all the data contained in a packet, even information that should remain hidden.
Passive Sniffing
Hubs see all the traffic in a particular collision domain. Sniffing performed on a hub is known as passive sniffing.
Passive sniffing is performed when the user is on a hub. Because the user is on a hub, all traffic is sent to all ports. All the attacker must do is start the sniffer and wait for someone on the same collision domain to start sending or receiving data. A collision domain is a logical area of the network in which one or more data packets can collide with each other.
Compatibility of Passive Sniffing:
Passive sniffing worked well during the days when hubs were used. The problem is that there are few of these devices left. Nowadays most networks run on switches, where active sniffing is useful.