Sniffing
Sniffing Tools
Omnipeek
Observer
SteelCentral
Sniff-o-matic
Capsa Network Analyser
Netstumbler
dsniff
macof
mailsnarf
filesnarf
msgsnarf (IM & IRC)
urlsnarf
sshmitm
Tcpdump / Windump
Kismet
Ministumbler
Etherape
Ettercap
Wireshark
tshark (CLI)
dumpcap (captures only)
capinfos (reads capture file)
text2pcap (creates capture file from hex dump)
AirPCap (802.11)
Defended By
SSL & SSH
IPSec
Pinging the suspected sniffer with an invalid MAC address. Response = NIC in promiscuous mode
nmap --script=sniffer-detect <ip>
Static ARP & IP tables
DNSSEC (Domain Name System Security Extensions)
Vulnerable Protocols
POP3 & IMAP
FTP & HTTP
Telnet & RLogin
SNMP (v1) & NMTP
SPAN Port (Switched Port Analyzer)
Cisco
aka Port Mirroring
Promiscuous Package
winpcap (Windows)
libpcap (Linux)
Content Addressable Memory (CAM)
MAC - 48 bits (6 bytes)
1B ... 3B = Manufacturer
4B ... 6B = NIC Serial Number
Packet Crafter
ColaSoft