Sniffing
Sniffing Involves retrieving packets of data over a network using a specific program or device.
Sniffing Types:
| Type of Scanning | Description |
|---|---|
| Passive sniffing | In passive sniffing, There is no packet sending is required. |
| Active sniffing | In active sniffing, We request a packet with source and destination addresses. |
Sniffing Tools:
| Name of tools for sniffing | Description |
|---|---|
| BetterCAP |
The BetterCAP tool is a very powerful, flexible, and portable best software tool created to perform various types of MITM attacks against networks and manipulate its HTTP, HTTPS, and TCP traffic in real-time, sniffing it for as well as credentials, and much more through it. |
| Ettercap |
Ettercap tool is a software comprehensively sharp tool suited for man-in-the-middle attacks for networks. It has features as well as sniffing of live connections, content filtering. |
| Wireshark |
Wireshark tool is a tool that is known as one of the most popular packet sniffers. It offers an unlimited number of features designed to implement and assist in the dissection and analysis of traffic for it. |
| Tcpdump |
tcpdump is a tool that provides the ability to intercept and ability to observing TC P/IP and other packets during transmission over the network. |
| WinDump |
A Windows port the popular to Linux as well as packet sniffers at tcpdump, which is a command-line tool that is perfect for displaying header information through it. Due to the success of tcpdump on Unix-like operating systems os, it was “ported over” to the windows platforms to it, This simply means it was cloned to allow for Windows packet capturing it. |
| Dsniff |
This tool is a pair of tools designed to perform sniffing packets with differentiating protocols with the intention of intercepting and revealing passwords as well the Dsniff tool is designed for the Unix and Linux platforms and does not have a full equivalent on the Windows platforms for support. |
Sniffing Attacks:
| Name of Term | Description of term |
|---|---|
| MAC flooding | Send multiple fake MAC addresses to the switch until the CAM table is full. This puts the switch open on failure, where it propagates incoming traffic to all ports on the network. |
| DHCP attacks | A type of denial-of-service attack that exhausts all available server addresses. |
| DNS poisoning | Manipulate the DNS table by replacing a legitimate IP address with a malicious one. |
| VLAN hopping | Attack a host on one VLAN to access traffic on other VLANs. |
| OSPF attacks | Form a trust relationship with adjacent routers. |
Ethical Hacking Cheatsheet
Ethical hacking includes authorized attempts to gain unauthorized access to computer systems, applications, or data. Ethical hacking requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities, So they can be fixed before malicious attackers can exploit them.