Hello. My name is Dustin, and welcome to Pen Test Basics: Sniffing.
Just a quick disclaimer before we get started. This course is for learning purposes only. What we show you is intended to expand your knowledge and skills. We're not responsible if you decide to break the law.
We're going to learn about sniffing on networks. We'll also discuss two of the most popular tools to sniff traffic, Wireshark and tcpdump. Let's get started.
So what is sniffing?
Sniffing is using tools that allow you to perform real-time monitoring and analysis of data
packets flowing across the network. There are many tools that both network technicians and attackers use to capture and analyze these packets, but two of the most common programs are Wireshark and tcpdump.
Both Wireshark and tcpdump allow you to capture what's known as pcaps, or a pcap file. Pcap stands for packet capture and is the actual network traffic that you've captured from sniffing the network, so you can capture live
and then save it to a pcap for later analysis.
There are a lot of different types of packet sniffers you may encounter. The first one is an ARP sniffer. In ARP sniffing, the network traffic is not sent to the hosts, but it's sent to the ARP cache of both network hosts, which is then forwarded to the network administrator.
ARP sniffers sniff the data when it's in the ARP cache. The ARP sniffer is popular among hackers, as the data captured in the cache allows them to create a map of IP addresses and their associated MAC addresses. So with this, you can perform packet spoofing attacks,
search for specific router-based vulnerabilities,
and also perform ARP poisoning attacks.
The next type of sniffer is an IP sniffer. IP sniffers sniff all the data that corresponds with a specific IP address filter.
This allows capturing of specific data packets for analysis and diagnosis. This method is also popular amongst hackers, who may use it for stealing data and also stealing or hijacking the TCP session.
With this, they can also create fake TCP sessions and act as a man in the middle
and perform a variety of man-in-the-middle attacks.
The next type of packet sniffer you'll probably encounter is a MAC sniffer. MAC sniffers sniff all the data that corresponds with a specific MAC address filter.
LAN sniffers are typically deployed on internal LANs and have the capability to scan a complete IP range.
Protocol sniffers are used to sniff data that's related to a specific protocol used on the network,
and the last one that we're going to mention is web password sniffers. With this, attackers can steal HTTP sessions
and parse through them to acquire login credentials, including usernames and passwords.
Most websites nowadays protect their external-facing web pages with SSL, but they may not use SSL, or may just use something weaker or less secure, for their internal web pages. So if you're inside the network sniffing that traffic,
you could exploit this.
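As an added illustration of the pcap file layout and of the IP and MAC address filters described above (my own example code, not from this course and not Wireshark or tcpdump code): it writes a small constructed capture in the classic pcap format, reads it back, and applies an address filter the way an IP sniffer or MAC sniffer would. Every address in it is made up.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic number, microsecond timestamps

def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    """Constructed Ethernet II + IPv4 frame for the sample capture (IP checksum left as 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"  # 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + payload

def build_pcap(frames):
    """Write a classic pcap: 24-byte global header, then a 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield raw frames from pcap bytes; the magic number reveals the writer's byte order."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]  # only incl_len bytes of the packet were saved
        off += incl_len

def parse_frame(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return (frame[6:12].hex(":"), frame[0:6].hex(":"),
            ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])))

def filter_capture(data, ip=None, mac=None):
    """Apply an IP or MAC address filter, keeping frames where either endpoint matches."""
    hits = []
    for frame in read_pcap(data):
        p = parse_frame(frame)
        if p and ((ip and ip in p[2:]) or (mac and mac in p[:2])):
            hits.append(p)
    return hits

SAMPLE_PCAP = build_pcap([  # constructed sample capture, not real traffic
    build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.5", "10.0.0.9", b"hello"),
    build_frame("00:11:22:33:44:02", "00:11:22:33:44:01", "10.0.0.9", "10.0.0.5"),
    build_frame("00:11:22:33:44:03", "00:11:22:33:44:02", "10.0.0.7", "10.0.0.9"),
])
```

`filter_capture(SAMPLE_PCAP, ip="10.0.0.5")` returns the two frames between 10.0.0.5 and 10.0.0.9, which is the same selection a capture filter like `host 10.0.0.5` would make in tcpdump.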
So why do attackers like to use packet sniffing?
The number one reason an attacker will use packet sniffing is recon.
If I, as an attacker, can gain access, whether it's physical or digital access, to your network, the first thing I'm going to do is try and orient myself and see where I am.
The easiest way to do that without setting off a bunch of alarms right away is to just kind of passively start gathering information.
If, as soon as I got on a box or as soon as I got in the network, I just started running nmap and scanning the network for hosts and vulnerabilities, I'd probably get caught really quick. So again, that first step is kind of to lean back and capture some traffic. Let's see what's going on. What kind of traffic do I see going by?
What kind of network is this? Is it a Z-Wave network, or is it a computer network? You're just determining what protocols are running.
A lot of the time, while sniffing traffic, I can actually capture a lot of passwords that are being passed through. I've typically seen this with, like, batch files that are used to set up computers. They may need a default password for a username or something, and that's just passed in plain text on the network.
With a network tap, you'll also be able to perform a variety of man-in-the-middle attacks.