Introduction to Sniffing

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
28 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:00
Hello. My name is Dustin, and welcome to pen test basics sniffing
00:05
and just a quick disclaimer before we get started. This course is for learning purposes on Lee. What we show you is intended to expand. Your knowledge and skills were not responsible. If you decide to break the law,
00:19
we're going to learn about sniffing on. Networks will also discuss two of the most popular tools to sniff traffic. Wire shark in TCP dumb. Let's get started.
00:32
So what is sniffing?
00:34
Sniffing is using tools that allow you to perform really time monitoring an analysis of data
00:41
packets flowing across the network. There are many tools that both the network technicians and Attackers used to capture and analyze these packets, but two of the most common programs are wire sharp and TCP dump.
00:55
Both wire shark and TCP dump allow you to capture what's known as P caps or a pea cap file. Pea cap stands for packet capture and is the actual network traffic that you've captured from sniffing the network so you can capture alive
01:12
and then save it to a peek out for later analysis.
01:19
There are a lot of different types of packet sniffers you may encounter the 1st 1 is art sniffer in art sniffing. The network traffic is not sent to the hosts, but it sent to the art cache of both network hosts, which is then forwarded to the network administrator
01:37
are stiffer. Sniff the data when it's in the art cash. The AARP stiffer is popular among hackers as the data captured in the cash allows them to creating map of I P addresses and their associate ID Mac addresses. So with this, you can perform packets spoofing attacks,
01:55
search for specific router based vulnerabilities
01:57
and also perform are poisoning attacks.
02:01
The next type of sniffer eyes an I p. Sniffer I p sniffers sniff all the data that corresponds with a specific I P address filter.
02:12
This allows capturing of specific data packets for analysis and diagnosis. This method is also popular amongst hackers who may use it for stealing data and also stealing our hijacking the TCP session.
02:28
With this, they can also create fake TCP sessions and act as a man in the middle
02:35
and perform a variety of men in the middle attacks.
02:38
The next type of packet sniffer you'll probably encounter is a Max sniffer Max sniffers sniff all the data that corresponds with a spit specific Mac address. Filter
02:52
land sniffers. These air deployed on internal lands typically and have the capability to skin a complete I P Range
03:00
Protocol sniffers are used to sniff data that's related to a specific protocol used on the network
03:08
in the last one that we're going to mention is Web password sniffers and this Attackers can steal a CCP sessions
03:17
and parts through them to acquire log in credentials, including news rides and passwords.
03:23
Most websites nowadays protect their external facing Web pages. With SSL, they may not use SSL or may just use something. Ah, weaker are less than cure encryption for their internal Web pages. So if you're in inside the network staffing that, sniffing that traffic,
03:44
you could exploit this.
03:47
So why do Attackers like to use packet sniffing
03:52
the number? One reason on attacker will use a packet. Sniffing is re kon.
03:58
If myself, as an attacker can gain access, whether it's physical or digital access to your network, the first thing I'm going to do with Trent orient myself and see where I am.
04:10
The easiest way to do that without setting off a bunch of alarms right away is to just kind of passively start gathering information.
04:17
If I
04:19
since I got on a box or a suit I got in the network, I just started running in map and seeing the network for hosts and vulnerabilities, I'd probably get caught really quick. So again, that first step's kind of lean back and capture some traffic. Let's see what's going on. What kind of traffic do I see going by?
04:39
Can I determine
04:41
what kind of network this is like a zit Avoid network? Or is it a computer network? You are just determined what protocols were running.
04:48
Ah, lot of the times. While sniffing traffic, I can actually capture a lot of passwords that are being passed through. I've typically seen this with, like, batch files that are used to set up computers. They may need a default password for a user name or something, and that's just passed in plain text on the network.
05:09
With a network tap, you'll also be able to perform ah, variety of man in the middle attacks
Up Next
Pentest Fundamentals: Sniffing

In Pentest Fundamentals: Sniffing, Dustin Parry explains what sniffing is, the different types of sniffing tools, and the reason why attackers perform packet sniffing. Some of the sniffing tools that the instructor concentrates on are Wireshark and TCPdump, and he uses these tools to capture data and analyze it.

Instructed By