Introduction to Sniffing Traffic

Transcript

Hi, Leo Dregier here. This is one of my favorite modules, sniffing and analyzing traffic, of all the years that I have done that. I boil it all down to analyzing traffic, or analyzing the signature of information as it is moved across the network. This is a lot of fun at the end of the day. It is packet analysis. Also, what is critical in this section is to realistically take an OSI model or a DoD model approach to this. You need to know how layer three things behave, versus how layer two things behave, versus maybe something like layer seven or the application layer. So knowing your OSI model is really helpful here, and then actually sniffing or analyzing the traffic. There is a variety of tools which we can use to analyze traffic, common ones being things like tcpdump or the classic Wireshark. But then there are also shortcuts that you can take, like tshark, which is a terminal Wireshark. Ultimately we have to focus on what happens at the OSI model and the different layers of it, and the different signatures with which our applications identify themselves. So part of this will just be taking something as simple as DHCP and analyzing the process, or sniffing the DHCP process. Also, how do MAC addresses naturally work on a network? This is also critical, because if you know how they work and you know what normal behavior is, well then you can start doing things like ARP spoofing or MAC flooding and some of the more advanced attack techniques. Also DNS: taking apart the DNS process, looking at name resolution from literally a traffic analysis standpoint, and then you can spin that off into just about any other application you want. How does LDAP look from a traffic analysis point of view? SMTP, or mail, or POP3: what is in clear text versus what is encrypted? If it is encrypted, what can we see from the outside or the wrapper portion of that? Can you tell what types of algorithms? Is it symmetric? Is it asymmetric?

So by dissecting the traffic and sniffing and analyzing the traffic, you can tell exactly what is going on on a network. So this is the raw traffic. Now most of this we are going to use for the principle of disclosure or the principle of confidentiality, but there is a lot more to it than that. It is understanding how traffic works on a network and how to use that to your advantage as an attacker. So let us go ahead and spend some time really digging into using this source. So in the beginning part of the module I want to show you some basic techniques, just using the tools. When we get to the advanced penetration testing for sniffing, I want to show you how to make your life easier using some minor options, but ultimately you are just going to make your life really, really easy in terms of documentation and reporting. So let us go ahead and get started.

Welcome to the Sniffing Traffic Module for Penetration Testing and Ethical Hacking. The Sniffing Traffic module explores and discusses the techniques for sniffing and analyzing network traffic as part of your penetration testing strategy. The goal is to identify the signatures of information as it is moved across the network: this is basic packet analysis 101. The Sniffing Traffic series also stresses the importance of OSI model knowledge. It demonstrates how critical it is to know and understand what each OSI layer does, which fields it exposes on the wire, and how each layer encapsulates the data handed down from the layer above, so that you can read a captured frame from the Ethernet header up to the application payload. The topics explored in the Sniffing Traffic Module include:
  • Whiteboard, which shows the interrelationship of all the basic components utilized for this module
  • And the following simulation labs:
    • macof
    • Driftnet
    • SMAC (Windows)
    • tshark
    • urlshark
    • WebSpy
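The layered approach the module describes, walking a single frame from layer 2 up to layer 7, is shown below as an added example; it is not code from the Cybrary module or from any of the tools listed above. The frame is constructed in the script rather than captured (the client MAC and transaction id are arbitrary), so it runs offline without root or a pcap file. The dissector reads the Ethernet, IPv4, UDP and DHCP headers in turn and records what each layer reveals about a DHCP Discover: broadcast destination at layer 2, 0.0.0.0 to 255.255.255.255 at layer 3, ports 68 to 67 at layer 4, and at layer 7 the message type plus the client MAC repeated in chaddr, which is the kind of cross-layer signature the transcript refers to.

```python
"""Layer-by-layer dissection of one DHCP Discover frame (added example).

The frame bytes are assembled by build_dhcp_discover() rather than captured,
so nothing here touches a real network interface.
"""
import struct

CLIENT_MAC = bytes.fromhex("001122334455")   # hypothetical client NIC
XID = 0x3903F326                              # arbitrary DHCP transaction id
MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2132 options marker


def build_dhcp_discover() -> bytes:
    """Assemble Ethernet II / IPv4 / UDP / DHCP bytes for a DHCP Discover."""
    # BOOTP fixed header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, XID, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        CLIENT_MAC.ljust(16, b"\0"), bytes(64), bytes(128))
    options = (MAGIC_COOKIE
               + b"\x35\x01\x01"          # option 53, DHCPDISCOVER
               + b"\x37\x03\x01\x03\x06"  # option 55, parameter request list
               + b"\xff")                 # end option
    dhcp = bootp + options
    # UDP: client port 68 -> server port 67; checksum 0 means "not computed"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp
    # IPv4: version/IHL 0x45, TTL 64, protocol 17 (UDP), header checksum left 0
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       bytes(4), b"\xff\xff\xff\xff") + udp
    # Ethernet II: broadcast destination, client source, ethertype IPv4
    eth = b"\xff" * 6 + CLIENT_MAC + struct.pack("!H", 0x0800)
    return eth + ipv4


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def dissect(frame: bytes) -> dict:
    """Walk the frame one OSI layer at a time; return what each layer shows."""
    out = {}
    # Layer 2 (Ethernet II): destination tells us unicast vs broadcast.
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out["l2"] = {"dst": mac_str(dst), "src": mac_str(src),
                 "ethertype": ethertype, "broadcast": dst == b"\xff" * 6}
    if ethertype != 0x0800:
        return out
    # Layer 3 (IPv4): honour IHL instead of assuming a 20-byte header.
    ipv4 = frame[14:]
    ihl = (ipv4[0] & 0x0F) * 4
    proto = ipv4[9]
    out["l3"] = {"src": ip_str(ipv4[12:16]), "dst": ip_str(ipv4[16:20]),
                 "proto": proto}
    if proto != 17:
        return out
    # Layer 4 (UDP): the port pair identifies the application before any
    # payload is parsed.
    udp = ipv4[ihl:]
    sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    out["l4"] = {"sport": sport, "dport": dport, "len": ulen}
    if {sport, dport} != {67, 68}:
        return out
    # Layer 7 (DHCP): op=1 is a client request; chaddr repeats the L2 source.
    dhcp = udp[8:ulen]
    if dhcp[236:240] != MAGIC_COOKIE:
        raise ValueError("DHCP payload without magic cookie")
    op, hlen = dhcp[0], dhcp[2]
    xid = struct.unpack("!I", dhcp[4:8])[0]
    chaddr = dhcp[28:28 + hlen]
    opts, i = {}, 240
    while i < len(dhcp) and dhcp[i] != 0xFF:   # walk TLV options to End
        if dhcp[i] == 0:                        # Pad option has no length
            i += 1
            continue
        code, length = dhcp[i], dhcp[i + 1]
        opts[code] = dhcp[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}.get(
        opts.get(53, b"\0")[0], "OTHER")
    out["l7"] = {"op": op, "xid": xid, "chaddr": mac_str(chaddr),
                 "msg_type": msg_type, "chaddr_matches_l2_src": chaddr == src}
    return out


if __name__ == "__main__":
    for layer, fields in dissect(build_dhcp_discover()).items():
        print(layer, fields)
```

The same walk applies to a frame pulled from tshark or tcpdump output: stop at whichever layer the ethertype, protocol number or port pair fails to match, and note that the UDP length field, not the end of the buffer, bounds the DHCP payload, since a captured frame may carry Ethernet padding after it.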