Tweet
Sniffing a network allows you to see all sorts of traffic, both clear and encrypted traffic and are a broad category that encompasses any utility that has the ability to perform a packet-capture by enabling promiscuous mode on the network interface thereby allowing the capture of traffic, whether or not the traffic was intended for the sniffing host.
Even though encrypted traffic under normal conditions is unreadable, some network sniffers like Wireshark allows you to type in for instance a WEP key or point to a private key used for HTTPS traffic and decrypt the traffic for you.
Sniffers are tools that allows you to scan and capture traffic from the local network or remotely using a Switched Port ANalyzer (SPAN). SPAN is nothing more than functionality in most managed switches that allows one switch to copy every packet to the switch the pentester or hacker is currently connected to, enabling sniffing of remote networks beyond the broadcast domain the sniffer is connected to.
Sniffers are not only a tool for hackers and penetration testers but widely used by any serious networking administrator.
Sniffing can be both active and passive. Typically, passive sniffing is considered to be any type of sniffing where traffic is only looked at and not altered in any way. In active sniffing, not only is traffic monitored, but it may also be altered in some way.
Some protocols while not widely used anymore lend themselves to easy sniffing
Even though encrypted traffic under normal conditions is unreadable, some network sniffers like Wireshark allows you to type in for instance a WEP key or point to a private key used for HTTPS traffic and decrypt the traffic for you.
Sniffers are tools that allows you to scan and capture traffic from the local network or remotely using a Switched Port ANalyzer (SPAN). SPAN is nothing more than functionality in most managed switches that allows one switch to copy every packet to the switch the pentester or hacker is currently connected to, enabling sniffing of remote networks beyond the broadcast domain the sniffer is connected to.
Sniffers are not only a tool for hackers and penetration testers but widely used by any serious networking administrator.
Sniffing can be both active and passive. Typically, passive sniffing is considered to be any type of sniffing where traffic is only looked at and not altered in any way. In active sniffing, not only is traffic monitored, but it may also be altered in some way.
Some protocols while not widely used anymore lend themselves to easy sniffing
- Telnet/rlogin offers usernames and passwords in cleartext.
- HyperText Transfer Protocol (HTTP) is designed to send information from the Internet in the clear without any protection, thus any traffic can be sniffed. This includes usernames and passwords from web applications.
- Simple Mail Transfer Protocol (SMTP) is used for transferring e-mails but it does not include any protections against sniffers.
- Network News Transfer Protocol (NNTP) is designed for sharing news but does not include any protections against sniffers.
- Post Office Protocol (POP) is designed to access and retrieve e-mails from servers. Usernames and passwords are in clear text while in transit.
- File Transfer Protocol (FTP) is a protocol designed to send and receive files but all files are moved unencrypted.
- Internet Message Access Protocol (IMAP) is similar to SMTP in function and moves around e-mails in a clear text state.