Ethical Hacking and Penetration Testing Guide


◾  Ethical Hacking and Penetration Testing Guide Types of Sniffing



Yüklə 22,44 Mb.
Pdf görüntüsü
səhifə90/235
tarix07.08.2023
ölçüsü22,44 Mb.
#138846
1   ...   86   87   88   89   90   91   92   93   ...   235
Ethical Hacking and Penetration Testing Guide ( PDFDrive )

140
◾ 
Ethical Hacking and Penetration Testing Guide
Types of Sniffing
Sniffing can be primarily divided into two main categories:
1. Active sniffing
2. Passive sniffing
Active Sniffing
Active sniffing is where we directly interact with our target machine, by sending packets and 
requests. ARP spoofing and MAC flooding are common examples. Active sniffing is what we will 
focus more on.
Passive Sniffing
In passive sniffing, the attacker does not interact with the target. They just sit on the network and 
capture the packets sent and received by the network. This happens in the case of hub-based net-
works or wireless networks, which we will discuss in the following.
Hubs versus Switches
In order to fully understand how sniffing works, you need to understand the difference between 
hub-based and switch-based networks. Unlike hubs, which operate on the physical layer (Layer 1) 
of the OSI model, switches operate on layer 2 of the OSI model on which almost all modern net-
works are based.
Host A
Host B
Printer


Network Sniffing
◾ 
141
Let’s assume that this topology runs on a hub-based network and that “Host A” would like to 
communicate with “Host B.” It will forward the traffic to the hub. A hub is designed in such a way 
that it 
broadcasts
all the traffic, meaning that it will forward the traffic to 
all the hosts on a network
.
Since the IP header contains the destination address of “Host B,” any other device receiving 
the frames will drop it. The technical flaw in this design is that lots of bandwidth is utilized and 
broadcast storms are created. The security flaw in the design is that an attacker could run a sniffer 
to capture all the traffic that is received on his computer as the traffic is broadcasted on a hub-
based network.
To mitigate this issue, switch was introduced. Switch is a smarter device because, unlike hubs, 
it does not broadcast the traffic to every host on the network; it will forward the frames only to the 
host the traffic is destined for. The switch uses an ARP protocol to perform this job. We will talk 
about ARP and its security flaws in the following sections.

Yüklə 22,44 Mb.

Dostları ilə paylaş:
1   ...   86   87   88   89   90   91   92   93   ...   235




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin