3. • Introduction
• What is a Sniffer
• Sniffing Threats
• How a Sniffer Works
• Types of Sniffing
• Protocols Vulnerable to Sniffing
• Tools to Sniff Network Traffic
• How to Set Up a Sniffing Attack
• How to Protect Yourself from Sniffing
• Tools to Detect a Sniffer on a Network
4. Wiretapping is the process of monitoring telephone and Internet conversations
by a third party.
Type of Wiretapping
5. A Sniffer is a packet-capturing or frame-capturing tool.
It basically captures and displays the data as it is being transmitted from host to
host on the network.
7. A sniffer turns the NIC of a system into promiscuous (pro-mis-cu-ous) mode
so that it listens to all the data transmitted on its segment.
A sniffer can constantly read all the information entering the computer
through the NIC by decoding the information encapsulated in the data packets.
8. There are Two types of Sniffing Attack
Active Sniffing
Passive Sniffing
9. "Passive Sniffing" means sniffing through a hub.
Passive sniffing involves sending no packets and
monitoring the packets sent by others.
But hub usage is outdated today.
10. Sniffing performed on a switched network is
known as "Active Sniffing".
Active sniffing relies on injecting packets (ARP) into the
network that cause traffic.
11. Telnet and Rlogin: Keystrokes including user names & passwords
HTTP: Data sent in clear text
SMTP, NNTP: Password and data sent in clear text
POP, FTP, IMAP: Password and data sent in clear text
12. A SPAN port is a port that is configured to receive a copy
of every packet that passes through a switch.
27. Restrict physical access to the network media to ensure that a packet
sniffer cannot be installed
Use encryption to protect confidential information
Permanently add the MAC address of the gateway to the ARP cache
Use static IP addresses and static ARP tables to prevent attackers from
adding spoofed ARP entries for machines in the network
28. Turn off network identification broadcasts and, if possible, restrict the
network to authorized users in order to protect the network from being discovered with
sniffing tools
Use IPv6 instead of the IPv4 protocol
Use encrypted sessions such as SSH instead of Telnet, Secure Copy (SCP)
instead of FTP, SSL for e-mail connections, etc. to protect wireless
network users against sniffing attacks.
29. Use network tools such as HP Performance Insight to monitor the network for strange packets
Use IDS
Detect promiscuous mode