What is Network Sniffing? What are the Types of Network Sniffing/Packet Sniffing? How Hubs and Switches Work
Hey Hackers!!!
Today we will discuss what network sniffing is and the various techniques used to sniff traffic across the network.
NOTE: In order to fully understand network sniffing, I would recommend that you spend some time reading about how TCP/IP works.
What is Network Sniffing?
Network sniffing, aka eavesdropping, is a type of attack where an attacker captures packets across a wire or across the air (wireless). The main goal is to capture unencrypted credentials across the network. The common target protocols include FTP, HTTP and SMTP.
Types of Network Sniffing
- Active sniffing
- Passive sniffing
Active Sniffing
Active sniffing is where we directly interact with our target machine by sending packets and requests.
The most common examples of active sniffing are ARP spoofing and MAC flooding. Active sniffing is what we will focus more on.
Passive Sniffing
In passive sniffing, the attacker does not interact with the target. They just sit on the network and capture the packets sent and received by the network. This happens in the case of HUB-based networks or wireless networks, which we will discuss below.
HUB and Switches
In order to fully understand how sniffing works, you need to understand the difference between a hub-based network and a switch-based network.
Unlike HUBS, which operate on the physical layer (layer 1) of the OSI model, switches operate on layer 2 of the OSI model, on which almost all modern networks are based.
Let's assume that the above topology runs on a HUB-based network and that "Laptop-1" (on the bottom) would like to communicate with "Laptop-2" (on the top). Laptop-1 will forward its traffic to the HUB.
A HUB is designed in such a way that it broadcasts all the traffic it receives, meaning that it will forward the traffic to all the hosts on the network.
Now, since the IP header contains the address of "Laptop-2", any other device receiving the frames/packets will drop them. The technical flaw in this design is that a lot of bandwidth is used and broadcast storms are created. The security flaw in the design is that an attacker could run a sniffer to capture all the traffic that is received on his computer, as the traffic is broadcast on the HUB-based network.
To mitigate this issue, the switch was introduced. Switches are smarter devices because, unlike HUBS, a switch does not broadcast the traffic to every host on the network; it will only forward the traffic to the host it is destined for.
The switch uses ARP (Address Resolution Protocol) to perform this job. We will discuss ARP in our next blog.
Now you know what network sniffing is, its types, and how HUBS and switches work. In our upcoming blog we will discuss how to sniff a network, attacking the switch-based network, and much more.
Remember that the techniques we will discuss only work on the local area network and not across the internet. So the target and the attacker need to be in the same local area network for our attack to work. You can, however, make this work remotely by compromising a host and then using that host to sniff the traffic.
Network sniffing can be prevented by using protocols that support encrypted communication, such as SSL, SSH, IPSEC etc. Therefore, even if an attacker is able to capture the traffic, he/she will not be able to use it, as it would be encrypted. However, with some extra effort, we can also sniff traffic from protocols that use encrypted communication.
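The difference between the two devices can be seen in a small simulation, added here as an illustration and not part of the original post. It assumes the switch keeps a table of learned source MAC address to port (the mechanism this example uses to decide where to forward); the host name "Observer", the port numbers and the MAC addresses are constructed sample values.

```python
# Added illustration: which hosts receive frames not addressed to them
# on a hub versus a switch. All names, ports and MACs are constructed.

class Hub:
    """Layer 1 repeater: every frame goes out of every port except the ingress one."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Layer 2 device, modelled (assumption) with a learned MAC -> port table."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.table[src_mac] = in_port            # learn where the sender is attached
        if dst_mac in self.table:                # known destination: one port only
            out = self.table[dst_mac]
            return [] if out == in_port else [out]
        # unknown destination: flood like a hub until the address is learned
        return [p for p in self.ports if p != in_port]


HOSTS = {  # port -> (name, MAC)
    1: ("Laptop-1", "aa:aa:aa:aa:aa:01"),
    2: ("Laptop-2", "aa:aa:aa:aa:aa:02"),
    3: ("Observer", "aa:aa:aa:aa:aa:03"),
}
TRAFFIC = [("Laptop-1", "Laptop-2"), ("Laptop-2", "Laptop-1"), ("Laptop-1", "Laptop-2")]


def exposure(device, exchanges):
    """Per exchange, list the hosts that receive a frame meant for someone else."""
    port_of = {name: port for port, (name, _) in HOSTS.items()}
    result = []
    for src, dst in exchanges:
        src_mac, dst_mac = HOSTS[port_of[src]][1], HOSTS[port_of[dst]][1]
        out_ports = device.forward(port_of[src], src_mac, dst_mac)
        result.append(sorted(HOSTS[p][0] for p in out_ports if HOSTS[p][0] != dst))
    return result


if __name__ == "__main__":
    print("hub   :", exposure(Hub(HOSTS), TRAFFIC))
    print("switch:", exposure(Switch(HOSTS), TRAFFIC))
```

On the hub the third host receives every frame; on the switch it receives only the first one, which is flooded because the destination has not been learned yet.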
Keep Coming for more.
Thank you.