Packet Sniffing

A small presentation on packet sniffing explaining the basics.

Published in: Technology

  1. How a packet sniffer works
       • A sniffer is basically a program that eavesdrops on network traffic by intercepting the information traveling over the network.
       • There are two types of network environments in which a sniffer works:
           • Shared Ethernet
           • Switched Ethernet
       • Shared Ethernet
           • In a shared Ethernet environment, all the systems are connected to the same bus and are in the same broadcast domain.
           • When a message is to be sent to a machine, it is broadcast over the network, and the machine for which the message is intended reads it.
           • A machine running a sniffer runs in "promiscuous mode" and can listen to all the traffic on the network. This type of sniffing is extremely difficult to detect.
  2. How a packet sniffer works (contd...)
       • Switched Ethernet
           • In this network formation, the machines are connected to a switch. The switch maintains a MAC table and keeps track of each computer's MAC address and the physical port on the switch to which that MAC address maps.
           • In a switched network, packets are not broadcast, but are instead sent specifically to the machines for which they are intended.
           • Even though a switched Ethernet is more secure than a shared one (using a hub), it is not completely secure.
           • One can still sniff the traffic using techniques like ARP spoofing, which basically spoofs the MAC address of the gateway and makes the traffic route through the machine running the sniffer.
  3. How a packet sniffer works (contd...)
       • Running sniffers on the gateway level
       • [Diagram: LAN, Gateway (running a sniffer), Internet OR External Network]
  4. How a packet sniffer works (contd...)
       • Sniffing tools available
           • Ethereal (http://www.ethereal.com)
           • Tcpdump (default on Linux systems)
           • Ettercap (http://ettercap.sourceforge.net)
           • Dsniff (http://www.monkey.org/~dugsong/dsniff/)
       • Programs to detect sniffers
           • Anti Sniff (detects if a computer is running in promiscuous mode - http://www.l0pht.com/antisniff/)
           • ARP Watch (keeps track of the Ethernet/IP pairings; helps stop ARP spoofing - http://ftp.ee.lbl.gov/arpwatch.tar.Z)
       • References
           • http://www.rootshell.be/~dhar/sniffers.html
           • http://www.networknewz.com/2001/0723.html
       • Presentation can be downloaded from: http://www.chaitanyasharma.in/sniffer/Sniff.ppt
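
The Ethernet/IP pairing tracking that the last slide attributes to ARP Watch, sketched as an added Python example (not from the presentation and not ARP Watch's own code). The function and class names, the addresses and the sample frames are all constructed for illustration; the watcher reports when an IP address is re-announced with a different MAC, which is what ARP spoofing of the gateway looks like on the wire.

```python
import struct

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(x) for x in s.split("."))
def _fmt(b): return ":".join(f"{x:02x}" for x in b)

def build_arp_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet + ARP reply frame (only used to construct sample input)."""
    eth = _mac(target_mac) + _mac(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)

def parse_arp(frame):
    """Return (sender_ip, sender_mac, eth_src) for an IPv4/Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ".".join(map(str, frame[28:32])), _fmt(frame[22:28]), _fmt(frame[6:12])

class PairingWatcher:
    def __init__(self):
        self.table = {}  # last MAC address seen for each IP address

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        ip, mac, eth_src = parsed
        alerts = []
        if mac != eth_src:  # ARP payload disagrees with the Ethernet header
            alerts.append(("sender-mismatch", ip, eth_src, mac))
        old = self.table.get(ip)
        if old is not None and old != mac:  # known IP announced with a new MAC
            alerts.append(("pairing-changed", ip, old, mac))
        self.table[ip] = mac
        return alerts

def demo():
    # Constructed traffic: gateway and host announce themselves, then a third MAC claims the gateway IP.
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    frames = [
        build_arp_reply(gw, gw, "192.168.1.1", host, "192.168.1.10"),
        build_arp_reply(host, host, "192.168.1.10", gw, "192.168.1.1"),
        build_arp_reply(other, other, "192.168.1.1", host, "192.168.1.10"),
    ]
    watcher = PairingWatcher()
    return [a for f in frames for a in watcher.observe(f)]
```

A pairing change is not always hostile (a replaced network card or a DHCP reassignment produces the same alert), so each report needs checking against known changes.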