• Packet Sniffing Attack & Vulnerable Ethernet Communications – I

    by  • March 30, 2009 • Amol Wagh, Firewalls Breaking, IP, Packet Sniffing, Student Series • 0 Comments

    A wire-tap device that plugs into computer networks and eavesdrops on the network traffic is known as the Packet Sniffer or protocol analyzer. Same as we tap any phone call this sniffing allows us to listen to communication between two or more computers.

    Computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as “protocol analysis”, which allow them to “decode” the computer traffic and make sense of it. We don’t directly need to break in to actual communication, we can install device on network and tap other network’s conversation which is the other advantage of packet Sniffer.

    This shared technology is known as promiscus mode in sniffing, but bad news for black hats is this shared technology is getting transferred to Non-promiscus mode which is making it harder for intruder to install the sniffing programs.Internet is place where no place is available to see the all communication. Means we need to concentrate on single communication at a time. This architecture of internet prevents any single point of packet sniffing.

    Packet Sniffing

    Packet Sniffing

    If we have two machines in our own office talking to each other, and both are on the Internet. They take a direct route of communication, and the traffic never goes across the outside public portion of the Internet. Any communication anywhere in the net follows a similar “least-cost-path” principle.  Ethernet was built around a “shared” principle: all machines on a local network share the same wire.

    This scenario implies that all the machines are able to “see” all the traffic on the same wire. Therefore, the next Ethernet hardware is built with a “filter” that ignores all traffic that doesn’t belong to it. It does this by ignoring all frames whose MAC address doesn’t match their own. A wiretap program effectively turns off this filter, putting the Ethernet hardware into “promiscuous mode”. MAC works on non promiscus mode and so only that traffic can be heard who is on same Ethernet wire. Like victim and intruder should share same Ethernet wire to make any attack possible.

    To be Continued in Next Post . . .


    Author is a Tech blogger & loves to share his work on web by writing guidelines for Ethical Hacking students & Security professionals. Performing various types of hacking from pen test to smartphone hacking – He enjoys hacking just for personal research purpose. Working with more of 'grey as well as black hat' hackers for learning advanced hacking as well as defending techniques & share them with learners. His prime area of research is Cyber Criminals & currently working on a Video Product Development to teach hacking & Pen Testing for absolute beginners.