1
Packet Sniffers
Prepared By: Amer Alhorini
Supervised By: Dr. Lo'ai Tawalbeh
NYIT (New York Institute of Technology)
2
The Network Today
3
Packet Sniffers
• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
  • Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
    • Telnet
    • FTP
    • SNMP
    • POP
  • Packet sniffers must be on the same collision domain.
[Figure: network diagram with Host A, Host B, Router A and Router B]
4
Packet Sniffer Mitigation
• The following techniques and tools can be used to mitigate sniffers:
  • Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
  • Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
  • Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
  • Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
[Figure: network diagram with Host A, Host B, Router A and Router B]
5
Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
6
Network Threats Attack Examples
• There are four general categories of security threats to the network:
  • Unstructured threats
  • Structured threats
  • External threats
  • Internal threats
[Figure: diagram labelled Internet, Internal exploitation, Dial-in exploitation, Compromised host]
7
Four Classes of Network Attacks
• Reconnaissance attacks
• Access attacks
• Denial of service attacks
• Worms, viruses, and Trojan horses
8
Specific Attack Types
• All of the following can be used to compromise your system:
  • Packet sniffers
  • IP weaknesses
  • Password attacks
  • DoS or DDoS
  • Man-in-the-middle attacks
  • Application layer attacks
  • Trust exploitation
  • Port redirection
  • Virus
  • Trojan horse
  • Operator error
  • Worms
9
Reconnaissance Attack Example
• Sample domain name query
• Sample IP address query
