Certified Ethical Hacker (CEH) : Sniffing


Sniffing Concepts

  1. Active Sniffing
  2. Passive Sniffing

Working of Sniffers

Hardware Protocol Analyzer

Using these hardware analyzers, an attacker can:

  • Monitor network usage
  • Identify traffic from hacking software
  • Decrypt the packets
  • Extract the information
  • Determine the size of packets

SPAN Port

Simple Local SPAN Configuration

Wiretapping

  • Active Wiretapping
  • Passive Wiretapping

Lawful Interception

Planning Tool for Resource Integration (PRISM)

MAC Attacks

MAC Address Table / CAM Table

MAC Flooding

Switch Port Stealing

Defend against MAC Attacks

Configuring Port Security

DHCP Attacks

DHCP Starvation Attack

Rogue DHCP Server Attack

Defending Against DHCP Starvation and Rogue Server Attack

DHCP Snooping

ARP Poisoning

ARP Spoofing Attack

Defending ARP Poisoning

Dynamic ARP Inspection (DAI)

Spoofing Attack

MAC Spoofing/Duplicating

MAC Spoofing Tool

  • Technitium MAC Address Changer
  • SMAC

How to Defend Against MAC Spoofing

DNS Poisoning

DNS Poisoning Techniques

  • Intranet DNS Spoofing
  • Internet DNS Spoofing
  • Proxy Server DNS Poisoning
  • DNS Cache Poisoning

How to Defend Against DNS Spoofing

Sniffing Tools

  • Wireshark

Best practices against sniffing include the following approaches to protect network traffic:

  • Use HTTPS instead of HTTP
  • Use SFTP instead of FTP
  • Use a switch instead of a hub
  • Configure Port Security
  • Configure DHCP Snooping
  • Configure Dynamic ARP Inspection
  • Configure Source Guard
  • Use a sniffing detection tool to detect NICs operating in promiscuous mode
  • Use strong encryption protocols

Sniffing Detection Techniques

  • Ping Method
  • ARP Method
  • Promiscuous Detection Tool: PromqryUI or Nmap
