Introduction to Sniffing

00:01

Hey, everyone, welcome back to the course in this video. We're gonna go over a brief introduction to sniffing, so we'll talk about what network sniffing actually is, and we'll talk about some of the different types of sniffing.

00:11

So what is sniffing? Well, essentially, it's just a process of monitoring and capturing data packets that are passing across the network. We could use a variety of tools to do so things like wire shark or TCP dumb. But basically we're capturing that information.

00:25

And then we're looking at the information and identifying things that are useful to us. So it could be

00:31

information like credentials.

00:35

And the best way to think of sniffing is like the old spy movies. Your your wiretapping right. You're essentially plugging yourself into the communication between a couple of different parties.

00:47

So when we talk about sniffing, we talk about two main types, passive and active. So passive sniffing is what I just described where we just plug ourselves in and we're essentially just monitoring that traffic and listening to it to try to get the information that we need again could be something like user credentials.

01:03

One key thing to remember with passes sniffing is we're not injecting

01:07

additional packets into the network traffic, so we're literally just plug in ourselves in and listening to the information, whereas with active sniffing, we are injecting those packets. So that's a key thing that you want to remember if you decide to take the easy Council certified ethical hacker examination

01:25

and then we have active sniffing. So this is where we are injecting those packets and one of the goals is to force a switch to behave more like a hub back in the day where it sends all the traffic to all the devices and not just a device it's intended. For

01:38

many ways. We can do this many ways. We could do active sniffing, so things like Mac flooding, art poisoning, DNS poisoning. We can do things like D. H. C P. Attacks, uh, spoofing attacks, etcetera, etcetera, and we'll talk about some of these different types of attacks a little later on in the course.

01:55

So just a quick, quick question here for you and this type of sniffing. The adversary injects packets to force a switch to act as a hub. So is that gonna be active passive or is that gonna be decode.

02:07

All right, that was pretty easy, right? So if you guess active, you were correct Again active. We're injecting those packets in thio, trying to force a switch back into hub mode where it's gonna send all that traffic to all the devices on the network as opposed to passive, where we're literally just pretend we're a spy and we're plugging in

02:24

to the communication between two other spies.

02:27

That's all we're doing with passive sniffing.

02:30

So in this video, we just briefly covered what network sniffing is. We also talked about some of the different types of network sniffing again passive and active are the main ones you want to know for the CH exam and again remembering that active is the one where we're injecting the packets in. So think of like your doctor being active, they're actively injecting you with the medicine.