Please enable JavaScript.
Coggle requires JavaScript to display documents.
Network Sniffing - Eavesdropping (Wired LAN) (MITM (ARP Protocol layer 2…
Network Sniffing - Eavesdropping
(Wired LAN)
Active sniffing
Direct interactions with target
Spoofing: ARP & MAC
MITM
ARP Protocol
layer 2 OSI
Adress resolution protocol
Resolve an IP address to a MAC address
Attacks vectors
MAC flooding
Send huge amount of ARP replies to a switch, Overloading CAM table.
Once it overload it goes into HUB mode ! => Broadcast
Do not work on
switch, builtin protections
Tools : Macof
ARP poisonning / spoofing
Send spoofed ARP replies to a target telling that an IP addr is associated with the attacker MAC addr, poisoning the target ARP cache.
Do the same in the other side, the traffic will transit from targets to attacker.
/!\ traffic must be redirected after beeing received ! ie : enable IP forwarding
Tools : ARPspoof + Dsniff
SSL Strip
DNS spoofing
Tools: Ettercap
DHCP Spoofing
DHCP requests are broadcasted
Reply to the request before the DHCP Server does
Promiscuous / Nonpromiscuous mode
HUB vs SWITCH
HUB : Layer 1 OSI : Broadcast * : Storms : Bandwidth used : Easy eavedropping !
==> Creation of Switches (Layer 2 OSI ) which forward pckts only to target, Uses ARP
Passive Sniffing
Listening and capture