What is a Passive Attack and How is it different from an Active Attack?

A passive network attack is one in which a system is monitored for open ports and vulnerabilities. A passive attack attempts to obtain or use information from the system without harming the system's resources. Passive attacks are characterized by eavesdropping on or monitoring transmissions. The attacker's goal is to intercept the data being transmitted.

Active and passive reconnaissance are examples of passive attacks. Reconnaissance is a military term that refers to exploring hostile territory to obtain intelligence. In the context of computer security, reconnaissance is the act of examining a system or network to acquire information before launching a complete attack.

Active Reconnaissance

The intruder interacts with the target system to learn about its flaws. Port scanning is a common technique attackers use to discover which ports are open and what services are running on them.
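From the defender's side, the port scanning described above shows up in connection logs as one source touching many distinct ports in a short time. The following sketch is an added example, not part of the original article; the log format, addresses, window, and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> ACTION=<...>"
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def build_sample_log():
    """Constructed firewall log lines (not from a real system), sorted by time."""
    # One source probing 12 different ports in 12 seconds.
    lines = [f"2022-05-04T10:00:{s:02d} SRC=203.0.113.7 DST=192.0.2.10 "
             f"DPT={20 + s} ACTION=DENY" for s in range(12)]
    # An ordinary client reusing a single service port.
    lines += [f"2022-05-04T10:00:{s:02d} SRC=198.51.100.23 DST=192.0.2.10 "
              f"DPT=443 ACTION=ALLOW" for s in range(0, 60, 5)]
    lines.append("malformed line that the parser must skip")
    return sorted(lines)


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Flag sources that reach `threshold` distinct (host, port) targets
    within `window`. Returns {source: highest distinct count seen}.
    Assumes the lines are in chronological order."""
    recent = defaultdict(deque)  # source -> deque of (timestamp, dst, port)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.fromisoformat(m.group(1))
        src, dst, port = m.group(2), m.group(3), int(m.group(4))
        q = recent[src]
        q.append((ts, dst, port))
        # Drop events that have fallen out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({(d, p) for _, d, p in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, count in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan from {src}: {count} distinct targets")
```
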

Passive Reconnaissance

For the sole objective of gathering information, the intruder observes the system for weaknesses without interfering. Frequently, an attacker will observe a user's online experience and then utilize information gleaned from that session to launch a subsequent attack.

Active Attack vs. Passive Attack

An active attack tries to change the system's resources or disrupt its functions, including tampering with the data stream or fabricating misleading claims.

During an active attack, the intruder changes data on the target system or data in transit between target systems. The attacker attempts to break into a system or obtain access to a user's data by exploiting a vulnerability. An active attacker communicates with the target before extracting information from it or making modifications to it. A passive attacker, on the other hand, intercepts network traffic or analyses files from the target without interacting with it directly.

In an active attack, interactions usually take the form of impersonation, message alteration, session replays, or denial-of-service attacks. Passive attacks frequently precede active attacks, since an attacker may utilize the information acquired to launch an aggressive attack in the future.

Types of Passive Attacks

Following are the different forms of passive attacks −

Eavesdropping Attack

An eavesdropping attack is a type of passive attack. The goal of an eavesdropping attack is to steal data sent between two devices connected to the internet. Eavesdropping includes traffic analysis. An eavesdropping attack occurs when attackers insert a software package into the network path to record subsequent network data for analysis.

To collect network traffic, attackers must get into the network path between the endpoint and the UC system. The more network paths there are, and the longer those paths are, the easier it is for the attacker to put a software package into the network path.

Release of Messages

Another type of passive attack is the release of messages. The attackers use a virus or malware to install a program on the device to monitor the device's operations, such as text messages, emails, or any transmitted files that include personal data and information. The attackers will use the data to gain access to the device or network.

Other attacks that have evolved due to the exponential interconnection of insecure devices such as the IoT ecosystem include protocol-specific attacks and wireless device networks-based attacks.

The communication protocol used in IoT-based systems, largely smart-home systems, is, for example, RPL (Routing Protocol for Low-Power and Lossy Networks). This protocol is used because it is compatible with resource-constrained IoT devices that cannot utilize older protocols.

Traffic Analysis Attack

A traffic analysis attack occurs when a hacker attempts to access the same network as you to listen to (and record) all of your network communication. The hacker can then examine that traffic to learn more about you or your firm. As a result, unlike in other, more well-known attacks, the hacker is not actively attempting to break into your systems or crack your password.

A traffic analysis attack involves evaluating network traffic as it passes between the target systems. These sorts of attacks employ statistical approaches to study and interpret network traffic patterns. These attacks can be carried out on encrypted network communication, although unencrypted traffic is more common.
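Traffic analysis still works on encrypted communication because encryption hides content but not record length, so sizes alone can narrow down what was sent unless records are padded. The following is an added example, not part of the original article; the message types, their lengths, the cipher overhead, and the padding block sizes are constructed assumptions.

```python
import math
from collections import Counter

# Assumed per-record overhead of an AEAD cipher (12-byte nonce + 16-byte tag).
AEAD_OVERHEAD = 28

# Constructed plaintext lengths (bytes) for four message types of a made-up app.
MESSAGE_LENGTHS = {"login": 48, "balance": 120, "transfer": 310, "statement": 900}


def wire_size(plaintext_len, pad_block=None):
    """Record size a passive observer sees: content is hidden, length is not."""
    if pad_block:
        # Mitigation: pad up to the next multiple of pad_block before encrypting.
        plaintext_len = math.ceil(plaintext_len / pad_block) * pad_block
    return plaintext_len + AEAD_OVERHEAD


def consistent_types(observed, pad_block=None):
    """For each observed record size, list the message types that could produce it."""
    table = {}
    for name, length in MESSAGE_LENGTHS.items():
        table.setdefault(wire_size(length, pad_block), []).append(name)
    return [sorted(table.get(size, [])) for size in observed]


def leaked_bits(observed):
    """Shannon entropy of the observed sizes: bits about the message type
    that length alone reveals per record."""
    counts = Counter(observed)
    total = len(observed)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def compare(sent, pad_block):
    """Return (bits leaked without padding, bits leaked with padding)."""
    plain = [wire_size(MESSAGE_LENGTHS[m]) for m in sent]
    padded = [wire_size(MESSAGE_LENGTHS[m], pad_block) for m in sent]
    return leaked_bits(plain), leaked_bits(padded)


if __name__ == "__main__":
    sent = ["login", "balance", "transfer", "statement"]
    for block in (512, 1024):
        before, after = compare(sent, block)
        print(f"pad to {block}: {before:.2f} bits/record -> {after:.2f} bits/record")
```

Larger padding blocks leak less but cost more bandwidth; in this constructed data, a 1024-byte block makes all four message types indistinguishable by size.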


Footprinting

Footprinting is the process of acquiring as much data on the target's network, hardware, software, and workers as possible. Footprinting collects data about the target, including IP address, domain name system information, and employee ID. Footprinting is also the initial stage in a penetration test's data collection.


Wardriving

Wardriving discovers weak Wi-Fi networks in the surrounding area by scanning for them with a handheld antenna. An attack like this is usually carried out from a moving vehicle. Hackers will occasionally use GPS to lay out vulnerable locations on a map. Wardriving is done to steal an internet connection or as a warm-up exercise for a future attack.

Updated on: 04-May-2022
