Network Eavesdropping

Revision as of 03:21, 27 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[ eurasianet ] [ mothers day australia 2005 ] [ about automotive technology ] [ ] [ massage equipment australia ] [ african catfish breeding ] domain [ antivirus software downloadable ] [ south africa democracy 1994 ] [ national auto parts a ] australian artists queensland [ star news paper in south africa ] norton antivirus live update error [ vet antivirus free download ] [ talbot victoria australia ] [ antivirus spyware protection ] norton antivirus freeware download [ african peer review ] http cycling races south africa [ giant antivirus software ] [ anastasia - bartok ] [ mac affee antivirus ] [ antivirus stop ] [ african american chamber commerce philadelphia ] [ south africa cape town university ] [ chock full of asian ] keystone automotive catalog [ running race results south africa ] [ australia orange juice ] [ the african rainforest ] [ nortons antivirus 2004 download ] [ asian massage chicago illinois ] http map [ auto plus relocation ] [ asian market offshore brokerage account ] [ center.antivirusoverride security window ] [ african american house publishing ] [ western australia weather forecasts ] asian friends society edinburgh [ sentrasia ] [ african american baby clip art ] [ australian boy models ] [ www african masks ] [ electoral register search australia ] top [ a political map of south east asia ] [ pandaantivirus software ] [ animales autotrofos ] africa day gift mother south pc world antivirus software [ 64bit antivirus software ] [ mcafee antivirus programs ] antivirus tests reviews [ addison automation force in sales ] [ african american romance author ] [ talbot victoria australia ] [ portable antivirus software ] http [ aliens autopsy ] diabetes australia queensland [ download antivirus for free ] [ asian swamp eel ] [ openantivirus ] [ neighbours soap australia ] [ panda antivirus free ] [ movie south africa apartheid ] [ nedbank branches south africa ] [ panda titanium antivirus 2005 download ] top [ history of south african cinema ] [ antivirus software downloadable ] [ coal company australia ] [ abcs africa ] [ australian mammal society ] [ how to completely remove norton antivirus 2004 ] [ stop overs to australia ] [ brazil air travel to africa ] [ automatic california equipment test ] downloads antivirus [ time western australia ] [ auto dismantler ] http [ affordable africa vacation ] links [ antivirus software free ] [ canadian auto racing ] [ outline map of the middle east and north africa ] [ automotive leasing companies ] [ indiana auto dealers association ] [ african men pics ] [ western australia tourist destinations ] [ how to obtain a visa for australia ] [ antivirus grisoft ] [ asian pacific islander legal outreach san francisco ] [ australian travel warnings ] [ south african pharmaceutical regulatory affairs association ]

This is an Attack. To view all attacks, please see the Attack Category page.

Last revision (mm/dd/yy): 05/27/2009


Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.

The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data like protocol decoders or stream reassembling.

Depending on the network context, for the sniffing to be the effective, some conditions must be met:

• LAN environment with HUBs

This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.

• LAN environment with switches

To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port, a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victim’s communication, making it possible to sniff the exchanged packets.

• WAN environment

In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with a DNS spoof attack to the client system.

Network Eavesdropping is a passive attack which is very difficult to discover. It could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.

Risk Factors



When a network device called a HUB is used on the Local Area Network topology, the Network Eavesdropping become easier because the device repeats all traffic received on one port to all other ports. Using a protocol analyzer, the attacker can capture all traffic on the LAN discovering sensitive information.


Figure 1. Local Eavesdropping attack.

Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls