CEH Module 10: Sniffers

Ethical Hacking and  Version 6

Sniffers

Module Objective This module will familiarize you with: • • • • • • • • • • • • EC-Council

Sniffing Protoc Protocols ols vulner vulnerabl ablee to to sniffi sniffing ng Typ Types of sni sniff ffin ing g ARP ARP and and ARP ARP spoo spoofi fing ng att attac ack  k  Tool Toolss for for ARP ARP spoo spoofi fing ng MAC flooding Tool Toolss for for MAC MAC floo floodi ding ng Sniffing to tools Type Typess of of DNS DNS pois poison onin ing g Raw Raw sni sniff ffin ing g to tools Dete Detect ctin ing g snif sniffi fing ng Coun Counte term rmea eassures ures Copyright © by EC-Council  All Rights Reserved. Reproduction is Strictly Prohibited

Definition: Sniffing

Sniff niffer er is a ro ram ram or dev device ice tha that ca tur tures the vital information from the network traffic specific to a particular network  The objective of sniffing is to steal: • Password Passwordss (from (from email, email, the web, web, SMB, SMB, ftp, SQL, or telnet) • Emai Emaill text text • Files in transfer email files ft files or SMB) EC-Council

Copyright © by EC-Council  All Rights Reserved. Reproduction is Strictly Prohibited

Protocols Vulnerable to Sniffing Protocols that are susceptible to sn ers nc u e: • Telnet Telnet and Rlogin: Rlogin: Keystrok Keystrokes es includin including g user names names • • • • • •

EC-Council

HTTP: HTTP: Data sent in the clear text SMTP: SMTP: Passwor Passwords ds and data sent in clear text NNTP: NNTP: Password Passwordss and and data sent in clear text POP: Password Passwordss and data sent in clear text FTP: Passwor Passwords ds and data sent in clear clear text IMAP: IMAP: Password Passwordss and data sent in clear text

Copyright © by EC-Council  All Rights Reserved. Reproduction is Strictly Prohibited

Types of Sniffing

There are two types of  sniffing

Sn

EC-Council

ng t roug a Hub

Sn

ng t roug a Switch

Copyright © by EC-Council  All Rights Reserved. Reproduction is Strictly Prohibited