[http://s1.shard.jp/olharder/comparatif-automobile.html product to get scratches of of auto glass ] [http://s1.shard.jp/olharder/automatic-pig.html atlanta georgia auto accident lawyer ] links [http://s1.shard.jp/galeach/new149.html walrasian economy ] [http://s1.shard.jp/olharder/auto-recreational.html autopia car care forum ] [http://s1.shard.jp/galeach/new57.html american asian festival film jose san ] [http://s1.shard.jp/olharder/seiko-titanium-kinetic.html automatic tank drain for compressed air ] [http://s1.shard.jp/olharder/autorizadas.html autometers alliance ] page antique asia print domain [http://s1.shard.jp/frhorton/e38mrj5ac.html 2 4890508.stm africa go hi news.bbc.co.uk rss ] [http://s1.shard.jp/olharder/gxautos.html automotive coolant types ] [http://s1.shard.jp/bireba/avg-antivirus.html panda antivirus titanium 2004 keygen ] [http://s1.shard.jp/losaul/murrays-buses.html tenis australia open ] [http://s1.shard.jp/olharder/yesterdays-auto.html autogenerated ] [http://s1.shard.jp/frhorton/c769e8i7o.html african lion safari hamilton ] [http://s1.shard.jp/galeach/new45.html asian chicago single ] [http://s1.shard.jp/bireba/symantec-antivirus.html norton antivirus 2005 serial keys ] [http://s1.shard.jp/losaul/yamaha-motorcycle.html cork flooring australia ] guard antivirus [http://s1.shard.jp/olharder/auto-emissions-test.html grand theft auto 3 pc download ] [http://s1.shard.jp/bireba/manually-updating.html symantec antivirus corporate edition 9 reviews ] url [http://s1.shard.jp/frhorton/4dqjbtjm2.html south africa for kids ] [http://s1.shard.jp/losaul/australian-bull.html marriage act australia ] [http://s1.shard.jp/olharder/autokillercom.html auto dealer florida here orlando pay ] mature asian photos [http://s1.shard.jp/losaul/australia-desert.html roof ventilation australia ] http [http://s1.shard.jp/losaul/civil-aviation-safety.html australian consolate ] [http://s1.shard.jp/losaul/australian-motorsportbiz.html ski resort jobs australia ] [http://s1.shard.jp/olharder/pegasus-autoracing.html automotive engine oil pressure transducer operation ] [http://s1.shard.jp/bireba/symantec-antivirus.html mcafee antivirus 2005 download ] [http://s1.shard.jp/frhorton/i13wxjnjb.html south african language dictionary ] [http://s1.shard.jp/frhorton/tulkpyc4u.html african orchids impatients ] pan african film festiva [http://s1.shard.jp/frhorton/q5ck3w5jf.html diseases in africa ] beautiful asian faces [http://s1.shard.jp/bireba/etrust-antivirus.html types of antivirus software ] [http://s1.shard.jp/frhorton/ makro wholesalers south africa ] [http://s1.shard.jp/bireba/review-antivirus.html winantivirus pro 2005 deluxe ] [http://s1.shard.jp/olharder/autoextracom.html jc autobody houston ] [http://s1.shard.jp/bireba/avg-antivirus-73.html antivirus avg7.0 ] [http://s1.shard.jp/frhorton/qfadevngy.html swaziland africa map ] [http://s1.shard.jp/losaul/ liver foundation australia ] [http://s1.shard.jp/frhorton/1jv14ya7f.html african leopards ] [http://s1.shard.jp/frhorton/upga9mswa.html africa city south sun things ] [http://s1.shard.jp/galeach/new192.html cystic hyperplasia in dogs ]
Last revision (mm/dd/yy): 05/30/2009
Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.
The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data like protocol decoders or stream reassembling.
Depending on the network context, for the sniffing to be the effective, some conditions must be met:
â¢ LAN environment with HUBs
This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.
â¢ LAN environment with switches
To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port, a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victimâs communication, making it possible to sniff the exchanged packets.
â¢ WAN environment
In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with a DNS spoof attack to the client system.
Network Eavesdropping is a passive attack which is very difficult to discover. It could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.
When a network device called a HUB is used on the Local Area Network topology, the Network Eavesdropping become easier because the device repeats all traffic received on one port to all other ports. Using a protocol analyzer, the attacker can capture all traffic on the LAN discovering sensitive information.
Figure 1. Local Eavesdropping attack.
Related Threat Agents