Types of Sniffing Attacks:
There are various types of sniffing attacks, such as –
- LAN Sniff – The sniffer attacks the internal LAN and scans the entire IP range, gaining access to information on live hosts, open ports, server inventory, etc. Port-specific vulnerability attacks happen in LAN sniffing.
- Protocol Sniff – The sniffing attack is based on the network protocol in use. Protocols such as ICMP, UDP, Telnet, PPP, DNS, or others might be used.
- ARP Sniff – ARP poisoning attacks or packet spoofing attacks occur based on the data captured to create a map of IP addresses and their associated MAC addresses.
- TCP Session stealing – TCP session stealing is used to monitor and acquire traffic details between the source and destination IP addresses. All details such as port number, service type, TCP sequence numbers and data are stolen by the hackers.
- Application level sniffing – Applications running on the server are attacked to plan an application-specific attack.
- Web password sniffing – HTTP sessions created by users are stolen by sniffers to get the user ID, password and other sensitive information.
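A defender's view of the ARP item above, as an added example that is not part of the original article: it parses raw ARP payloads, maintains the same IP-to-MAC map, and reports any IP address whose MAC binding changes, which is the observable symptom of ARP poisoning. The function names and the sample traffic (documentation-range addresses, made-up MACs) are assumptions constructed for illustration.

```python
import socket
import struct

def make_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed 28-byte Ethernet/IPv4 ARP payload (sample data only)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + bytes.fromhex(sender_mac.replace(":", "")) + socket.inet_aton(sender_ip)
            + bytes.fromhex(target_mac.replace(":", "")) + socket.inet_aton(target_ip))

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])

def find_arp_conflicts(payloads):
    """Track the IP -> MAC map and report every IP whose MAC changes."""
    table, alerts = {}, []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue  # truncated or non-IPv4 ARP: ignore
        _oper, mac, ip = parsed
        if ip == "0.0.0.0":
            continue  # ARP probe carries no sender binding
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append((ip, known, mac))  # (ip, previous MAC, new MAC)
        table[ip] = mac
    return alerts

# Constructed sample: the gateway 192.0.2.1 is first announced by one MAC,
# then a reply claims the same IP for a different MAC.
SAMPLE = [
    make_arp(2, "aa:aa:aa:aa:aa:01", "192.0.2.1", "aa:aa:aa:aa:aa:10", "192.0.2.10"),
    make_arp(1, "aa:aa:aa:aa:aa:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(2, "aa:aa:aa:aa:aa:66", "192.0.2.1", "aa:aa:aa:aa:aa:10", "192.0.2.10"),
    b"\x00\x01",  # truncated payload, must be skipped
]

if __name__ == "__main__":
    for ip, old, new in find_arp_conflicts(SAMPLE):
        print(f"ARP binding changed for {ip}: {old} -> {new}")
```

A changed binding is not always hostile (DHCP reassignment and failover pairs also cause it), so alerts for critical addresses such as the default gateway deserve the closest look.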
Tools used for Packet Sniffing:
Let's see the various sniffing tools currently and widely used in the industry –
- Wireshark – A widely used network protocol analyzer for monitoring the network and its packet flows. It is free and works on multiple platforms.
- Tcpdump – It has less security risk and requires few resources. On Windows it runs as WinDump.
- Dsniff – Used to sniff different protocols, on UNIX and Linux systems only, and to reveal passwords.
- NetworkMiner – Makes network analysis simple, detecting hosts and open ports through packet sniffing. It can operate offline.
- Kismet – Specifically used to sniff wireless networks, including hidden networks and SSIDs. KisMAC is used for Mac and OS X environments.
There are various other packet sniffing tools such as EtherApe, Fiddler, OmniPeek, PRTG Network Monitor and so on.