![]() ![]() This is used to poison cache on other machines.Gratuitous ARP - special packet to update ARP cache even without a request.Works on a broadcast basis - both requests and replies are broadcast to everyone.Each computer maintains it's own ARP cache, which can be poisoned.IP shows source and destination addresses ![]() TCP shows sequence numbers (usable in session hijacking) SMTP v3 limits the information you can get, but you can still see it.įTP sends user ID and password in clear text SMTP is sent in plain text and is viewable over the wire. IMAP, POP3, NNTP and HTTP all send over clear text data Some of the protocols that are vulnerable to sniffing attacks. Switches have a collision domain for each port.Hubs by default have one collision domain.Traffic from your NIC (regardless of mode) can only be seen within the same collision domain.CSMA/CD - Carrier Sense Multiple Access/Collision Detection - used over Ethernet to decide who can talk.Promiscuous mode - NIC must be in this setting to look at all frames passing on the wire.NICs normally only process signals meant for it.Second half ensures no two cards on a subnet will have the same address.First half of address is the organizationally unique identifier - identifies manufacturer.Displayed as 12 hex characters separated by colons.MAC (Media Access Control) - physical or burned-in address - assigned to NIC for communications at the Data Link layer.Sniffing is capturing packets as they pass on the wire to review for interesting information.Port mirroring - another word for span port.Network tap - special port on a switch that allows the connected device to see all traffic.Modern switches sometimes don't allow span ports to send data - you can only listen.Not all switches have the ability to do this.Span port - switch configuration that makes the switch send a copy of all frames from other ports to a specific port.Active sniffing - uses methods to make a switch send traffic to you even though it isn't destined for your machine.Passive sniffing - watching network traffic without interaction only works for same collision domain.It is also called wiretapping applied to the computer networks. It is a form of “tapping phone wires” and get to know about the conversation. Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |