
Sniffers

Group Members
Afaq Hassan
Rizwan Sanawar
Muhammad Umer

WHAT ARE SNIFFING ATTACKS?

• Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers.

• Packet sniffers are used by network administrators to keep track of data traffic passing through their network.

• Attackers install these sniffers in the system in the form of software or hardware.

Packet Sniffing?

• Packet sniffing is a technique of monitoring every packet that crosses the network.

• When any data has to be transmitted over a network, it is broken down into smaller units (packets) at the sender node.

Types of Sniffing Attack

Passive Sniffing:

• Passive sniffing refers to sniffing through a hub.

• Passive sniffing allows listening only.

• It works with hub devices. On a hub device, the traffic is sent to all the ports.

Active Sniffing:

• Active sniffing refers to sniffing on a switch-based network.

• It involves injecting Address Resolution Protocol (ARP) packets into a target network to flood the switch's content addressable memory (CAM) table. The CAM table keeps track of which host is connected to which port.

• CAM stands for Content Addressable Memory.

The following are the active sniffing techniques:

• MAC Flooding
• DHCP Attacks
• DNS Poisoning
• Spoofing Attacks
• ARP Poisoning
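
A defender's view of two of the techniques listed above, as an added example that is not part of the original slides: it flags an IP address claimed by more than one MAC (a sign of ARP poisoning) and a switch port that shows a burst of new source MACs (a sign of MAC flooding against the CAM table). The record layout, the thresholds and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real traffic). Each tuple is
# (seconds, switch_port, source_mac, arp_sender_ip or None for non-ARP frames).
SAMPLE_FRAMES = [
    (0.0, 1, "aa:aa:aa:00:00:01", "192.0.2.1"),   # gateway announces itself
    (0.5, 2, "aa:aa:aa:00:00:02", "192.0.2.20"),
    (1.0, 3, "aa:aa:aa:00:00:03", "192.0.2.1"),   # a second MAC claims the gateway IP
] + [
    (2.0 + i * 0.01, 4, "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
    for i in range(300)                            # burst of new MACs on port 4
]


def find_arp_conflicts(frames):
    """Return {ip: [macs in order seen]} for IPs claimed by more than one MAC."""
    seen = defaultdict(list)
    for _, _, mac, ip in frames:
        if ip is not None and mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def find_mac_floods(frames, window=1.0, max_new_macs=50):
    """Return the switch ports on which more than max_new_macs distinct
    source MACs first appeared within any `window`-second span."""
    first_seen = defaultdict(dict)                 # port -> {mac: first time seen}
    for ts, port, mac, _ in frames:
        first_seen[port].setdefault(mac, ts)
    flooded = set()
    for port, macs in first_seen.items():
        times = sorted(macs.values())
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:       # slide the window forward
                start += 1
            if end - start + 1 > max_new_macs:
                flooded.add(port)
                break
    return sorted(flooded)


if __name__ == "__main__":
    print("ARP conflicts:", find_arp_conflicts(SAMPLE_FRAMES))
    print("Flooded ports:", find_mac_floods(SAMPLE_FRAMES))
```

On a managed switch the same two conditions are usually enforced in hardware, by limiting the number of MAC addresses learned per port and by validating ARP replies against known IP-to-MAC bindings.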

Types of Sniffing Tools:

There are different types of sniffing tools in use, and they include:

• Wireshark
• Ettercap
• BetterCAP
• Tcpdump
• WinDump

Wireshark

Uses of Wireshark

• Network administrators use it to troubleshoot network problems.

• Network security engineers use it to examine security problems.

• Developers use it to debug protocol implementations.

Features of Wireshark

• Wireshark analyzes all the packets that are passing through the network.

• Available for Unix and Windows.

• Wireshark can capture traffic from many different network media types, including wireless, Bluetooth, USB and more.

Tcpdump

• Network traffic travels in data packets; each data packet contains the information that it needs to travel across the network.

• This information is contained in a TCP header. A TCP header will contain the destination and source address, state information, and protocol identifiers.

• The rest of the packet contains the data that is being sent. Devices that are responsible for routing read the information in these packets and send them to their correct destination.

• Sniffing is a process that passively monitors and captures these packets.

Explain Tcpdump

• Tcpdump is primarily a network monitoring and management utility that captures and records TCP/IP data at run time.

• Tcpdump is a packet-sniffing tool that is used by network administrators to sniff and analyze traffic on a network.

• Tcpdump is designed to provide statistics about the number of packets received and captured.
