Understanding Network Sniffing: An Essential Guide for Cybersecurity
Network Sniffing Overview: Network sniffing, a crucial concept in cybersecurity, involves monitoring and capturing the data packets flowing through a network using software or hardware devices. Sniffing is straightforward on hub-based networks, where every frame reaches every port, but modern switches only forward a frame to the port of its destination, so capturing other hosts' traffic requires manipulating the switch or the hosts.
How Sniffers Work:
- Ethernet Basics: Hosts on an Ethernet network are addressed by MAC address at the data link layer and by IP address at the network layer. The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses.
- Packet Capture: Sniffers put the network interface card (NIC) into promiscuous mode so that it passes up every frame it sees, not only frames addressed to its own MAC.
- Shared vs. Switched Ethernet: Sniffing is easy in shared (hub) environments because every frame is delivered to every port; switched environments forward frames only to the destination port, so an attacker needs techniques like ARP spoofing or MAC flooding to see other hosts' traffic.
Types of Sniffing:
- Passive Sniffing: Captures packets without injecting any traffic; sufficient on hub-based networks, where all traffic already arrives at the sniffer's port.
- Active Sniffing: Injects traffic (for example forged ARP messages) to redirect data through the sniffer in switched networks.
Hacking with Sniffers:
- Network Access: Attacker connects to a switch port.
- Network Discovery: Uses tools to map network topology.
- Target Identification: Identifies victim machines.
- ARP Spoofing: Sends fake ARP messages to redirect traffic.
- Data Capture: Attacker intercepts and extracts sensitive information.
Vulnerable Protocols:
- Telnet, HTTP, SNMP, SMTP, NNTP, POP, FTP, IMAP: These protocols transmit data, including credentials, in plaintext, so anyone capturing the traffic can read it directly.
Sniffing at the Data Link Layer: Sniffers capture frames at the data link layer (layer 2) of the OSI model, so everything carried above it, including plaintext application data, is exposed to them.
Hardware Protocol Analyzers:
- Advantages: Capture at high data rates without dropping packets, support for a wide range of network connection types, and accurate hardware timestamps.
- Examples: VIAVI Xgig, TPI4000 Series, and more.
SPAN Ports: Switched Port Analyzer (SPAN) ports, also called port mirroring, copy the traffic of selected switch ports or VLANs to a monitoring port so it can be captured for analysis and debugging without altering the traffic itself.
Wiretapping: Involves monitoring telephone or internet conversations. Types include:
- Active Wiretapping: The interceptor alters or injects traffic, as in man-in-the-middle attacks.
- Passive Wiretapping: Eavesdropping only, without altering the data.
Lawful Interception: Legally sanctioned data interception for surveillance by law enforcement agencies, useful in cybersecurity and infrastructure management.
MAC Attacks: Techniques like MAC flooding overwhelm the switch's MAC address (CAM) table with bogus source addresses; once the table is full the switch falls back to flooding frames out of every port like a hub, making the traffic easy to sniff.
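Both ARP spoofing (from the steps above) and MAC flooding leave a footprint that a network monitor can pick up. The following is an added example written for these notes, not code from the original post or from any tool it mentions: it runs two simple detectors over constructed sample records. The first flags any IP address whose claimed MAC changes between ARP replies (the same idea arpwatch uses); the second counts distinct source MACs per switch port in a sliding one-second window and flags ports that exceed a threshold. The `ArpReply` and `Frame` records, the port names, the addresses and the threshold of 50 are all assumptions made for the example.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a monitor would record it (hypothetical minimal record)."""
    ts: float          # capture time in seconds
    sender_ip: str     # the IP the sender claims to own
    sender_mac: str    # the MAC it asks peers to associate with that IP


@dataclass(frozen=True)
class Frame:
    """One Ethernet frame seen on a switch port (hypothetical minimal record)."""
    ts: float
    port: str          # ingress port name
    src_mac: str


# Constructed sample: the gateway 192.168.1.1 answers from aa:bb:cc:00:00:01 until,
# at t=3.0, a second station starts claiming the same IP with its own MAC.
SAMPLE_ARP = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(3.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(4.0, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_conflicts(replies):
    """Flag every ARP reply that rebinds an already-known IP to a different MAC.

    Returns a list of (ip, previous_mac, new_mac, ts). A legitimate NIC swap or
    DHCP reassignment shows up here too, so treat hits as leads to confirm
    (e.g. against DHCP snooping bindings), not as proof by themselves.
    """
    ip_to_mac = {}
    alerts = []
    for r in replies:
        known = ip_to_mac.get(r.sender_ip)
        if known is not None and known != r.sender_mac:
            alerts.append((r.sender_ip, known, r.sender_mac, r.ts))
        ip_to_mac[r.sender_ip] = r.sender_mac   # track the latest claim so flapping re-alerts
    return alerts


def build_sample_frames():
    """Constructed traffic: 3 normal hosts on Gi0/1, 200 distinct source MACs in 0.5 s on Gi0/7."""
    frames = [Frame(0.1 * i, "Gi0/1", f"aa:bb:cc:00:00:{i % 3:02x}") for i in range(30)]
    frames += [Frame(0.0025 * i, "Gi0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
               for i in range(200)]
    return frames


def detect_mac_flood(frames, window=1.0, threshold=50):
    """Return {port: peak_distinct_src_macs} for ports that exceed `threshold`
    distinct source MACs within any `window`-second span.

    A normal access port sees a handful of MACs; hundreds within a second is the
    signature of a CAM-table flood. The threshold is an assumed tuning value.
    """
    flagged = {}
    # per port: a deque of frames inside the window and a count per MAC
    per_port = defaultdict(lambda: (deque(), Counter()))
    for f in sorted(frames, key=lambda x: x.ts):
        recent, counts = per_port[f.port]
        recent.append(f)
        counts[f.src_mac] += 1
        # slide the window: drop frames older than `window` seconds
        while recent and f.ts - recent[0].ts > window:
            old = recent.popleft()
            counts[old.src_mac] -= 1
            if counts[old.src_mac] == 0:
                del counts[old.src_mac]
        if len(counts) > threshold:
            flagged[f.port] = max(flagged.get(f.port, 0), len(counts))
    return flagged


if __name__ == "__main__":
    for ip, old, new, ts in detect_arp_conflicts(SAMPLE_ARP):
        print(f"[ARP] t={ts:.1f}s {ip} moved from {old} to {new}")
    for port, peak in detect_mac_flood(build_sample_frames()).items():
        print(f"[MAC] {port}: {peak} distinct source MACs within 1 s")
```

On the sample data the ARP detector reports one rebinding of 192.168.1.1 at t=3.0 and the flood detector reports Gi0/7 with 200 distinct MACs. The same two signals are what switch features such as Dynamic ARP Inspection and port security (a per-port MAC limit) act on in hardware; the script is useful where those features are unavailable or to validate that they are working.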
Key Takeaways:
- Sniffing Techniques: Passive and active sniffing require different approaches.
- Security Measures: Understanding sniffing methods helps in implementing better network security to prevent data interception.
With my study notes I have created a set of 12 flashcards that can be accessed here: Module 8 – Flash Cards
I have also created this visual Mind map: Module 8 – Mindmap
If you have any questions or any feedback feel free to comment or leave a message on the homepage as that will be sent directly to me!
Thanks for reading!