What is Packet Sniffing
Tutorials Shared by the Internet Community
Total Hits - 2295
Total Votes - 13 votes
Vote Up - 9 votes
Vote Down - 4 votes
Domain - www.kalilinuxhack.com
Category - Networking/Networking
Submitted By - sandip
Submitted on - 2017-02-26 12:48:07
Sniffer Attack. A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.Attacker store the incoming and outgoing data into the packet using network sniffer tool.Apart from network sniffer,lots of packet sniffer and packet analysis tools is available which is used to check the sniffed packed.
Wiretapping is a process of monitoring the telephone and internet conversations by a third party attackers connect a hardware or software or combination of both to the switch carrying information between two phones or hosts on the internet.
Types of wire taping
1. Active wire taping: It only monitors, records the traffic (silently) and also alters the traffic.
2. Passive wire taping: It only monitors and records the traffic.
Sniffing attacks are vulnerable to following protocols.
In network sniffing attacks are mostly done on data link layer and network layer of OSI reference model based switches
Recommended sniffing tool is Wireshark.
Wireshark is available for both windows and Linux, it is the best tool for sniffing and it’s absolutely free.
You can download Wireshark from their official site Wireshark download.
1. HTTP Cookie: It is a small piece of data sent from a website and stored in the user’s web browser while the user is browsing it.
Every time the user loads the website. a browser sends a cookie back to the server to notify the user’s previous activity.
This is how Facebook tracks your behavior on the internet and according to that, the ads are shown on your wall.
2. Session ID: A session ID is a unique number that a website server assigns a specific user for the duration of that users to visit or session.
The session ID can be stored as a cookie, form feed or URL. Some web servers generate session ids by simply incrementing static members. Every time an internet user visits a specific website, a new session id’s assigned. Closing a browser and then re-opening and visiting the site again generates a new session ID. However, the same session ID is sometimes maintained as long as the browser is open in some cases web servers terminate a session and assigns a new session ID after a few minutes of inactivity.
It is when a hacker takes control of a user session after the user has successfully authenticated with a server, session hijacking involves an attack identifying the current session ids of a client or server communication and taking over the client’s session. Session hijacking is made possible by tools that perform sequence number prediction.
What is Social Engineering?
Social engineering is a non-technical method of breaking into a system or network it is the process of deceiving. Users of a system and convincing them to perform acts useful to the hacker such as giving out information that can be used to defeat or bypass security mechanisms.
Social Engineering is important to understand because hackers can use it to attack a human element of a system and circumvent technical security measures. This method can be used to gather information before or during an attack.
Social engineering is divided into 3 methods.
1. Phishing: The practices of sending emails appearing to be from reputable sources with the goal of influencing or aiming personal information.
2. Vishing: The practice of extracting information or attempting to influence action via the telephone.
3. Impersonation: The practice of pretexting as another person with the goal of obtaining information or access to a person, company or computer system.
Social Engineering Countermeasures in a corporate environment
1. Train employees and helpdesk to never reveal passwords or other information by phone.
2. Implement script bad from a token or biometric authentication, employee training and security guards.
3. Employee trainee, best practices, and checklist for using passwords and escort all guests from shoulder surfing based attacks.
4. Lock and monitor mail room from theft, damage or forging of mail based attacks.
5. Keep the phone closed, server rooms locked at all times and keep updated inventory on equipment
for attacks like attempting to gain access, remove equipment and attach a protocol analyzer to grab the confidential data.
What is DOS attack?
DOS ( Denial of Service) is an attack on a computer or network that prevents the genuine use of its resources. In a DoS attack attackers flood a victim’s system or network with an illegal service request or traffic to overload its resources which prevent it from performing intended tasks.
DDoS (Distributed Denial of Service) attack
A DDoS attack involves a multitude of compromise systems attacking a single target thereby causing DoS for users of the target system. To launch a DDoS attack an attacker uses BOTnets which are created using “RAT” and attacks a single system.
Types Of DoS and DDoS attacks
2.Service Request Floods
4.Protocol based attacks
5.HTTP flood attack
6.SYN flood attack
7.UDP flood attack
8.TCP flood attack
DoS and DDoS attacks Countermeasures
1.Configure the firewall to deny external ICMP traffic access.
2.Secure the remote administration and perform connectivity testing.
3.Disable unused and insecure services.
4.Update OS kernel to the latest release.
5.Prevent the transmission of the fraudulently addressed packets at ISP level.
6.Use a better network card to handle a large number of packets.
7.Deploy honey-pot in the network to capture the signatures of DDos attacks and apply intrusion prevention system to stop the attack. More detail...