Ethical Hacking Sniffing Tools

Ethical Hacking Sniffing Tools, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wireless Sniffers – Sniffing Tools in Ethical Hacking,Active Sniffing Attacks | Ethical Hacking, Ethical Hacking Sniffing in Ethical Hacking Tutorial, What is Network Sniffing ? | Protect Business with Packet Sniffer, What is a sniffer in hacking?, ethical hacking sniffing training and certification in delhi, ethical hacking sniffing training and certification in delhi

Sniffing is a process of capturing and monitoring all the packets travelling around a specific network using some sniffing tools. It is a form of “tapping phone wires”, “listening someone call conversations” and get to know what exactly the conversation is going on.

It is also called wiretapping applied to the computer networks.

The switch ports if open which are used in large enterprise, then any employee or internal intruder can sniff the whole traffic of the network. It is in the same physical location can plug into the network using Ethernet cable or connect wirelessly to that network and sniff the total traffic without knowing anyone or System Admin.

What can be sniffed?

Our confidential information of network one can sniff:-

1. Email traffic

2. Telnet password

Ethical Hacking Course in Delhi

3. Web traffics

4. Router and switch configuration

5. FTP passwords

6. DNS traffics

How it works?

A promiscuous mode refers to the unique way of Ethernet hardware, in particular, network interface cards (NICs), that allows an NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (MAC address) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.

Type of Sniffing:

Passive Sniffing

In passive sniffing, the traffic is locked but it is not altered in any way. Passive sniffing allows listening only. It works with Hub devices. On a hub device, the traffic is sent to all the ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through.

The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no more effective.

Cyber Security Course in india

Active Sniffing

In active sniffing, the traffic is not only locked and monitored, but it may also be altered in some way as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting address resolution packets(ARP) into a target network to flood on the switch content addressable memory(CAM) table. CAM keeps track of which host is connected to which port.

Following are the Active Sniffing Techniques −

MAC Flooding
DHCP Attacks
DNS Poisoning
Spoofing Attacks
ARP Poisoning

Protocols which are affected

Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several rules lend themselves to easy sniffing −

· HTTP− It is used to send information in the clear text without any encryption and thus a real target.

· SMTP(Simple Mail Transfer Protocol) − SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.

· NNTP(Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.

· POP(Post Office Protocol) − POP is strictly used to receive emails from the servers. This protocol does not include protection against sniffing because it can be trapped.

· FTP(File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.

· IMAP(Internet Message Access Protocol) − IMAP is same as SMTP in its functions, but it is highly vulnerable to sniffing.

· Telnet− Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.

Sniffers are not the dumb utilities that allow you to view only live traffic. If you really want to analyse each packet, save the capture and review it whenever time allows.

Tools for Sniffing:

1. Solar Winds Packet Analysis Bundle.

2. Wireshark

3. PRTG Network Monitor

4. Steel central Packet Analyzer

5. Tcpdump

6. Network Miner

7. Kismet

8. Fiddler