Hello friends, today we will learn about sniffing network traffic. Have you ever sniffed a network before, or do you know what that is? Don't worry, because you are going to learn a lot about it in this article, which is going to be really valuable later on.

Another popular technique that can be used to gain access to systems is network sniffing. Sniffing is the process of capturing and viewing traffic as it is passed along the network. Several popular protocols in use today still send sensitive and important information over the network without encryption. Network traffic sent without encryption is often referred to as clear text because it is human readable and requires no deciphering. Sniffing clear text network traffic is a trivial but effective means of gaining access to systems. Before we begin sniffing traffic, it is important that you understand some basic network information. The difference between promiscuous and non-promiscuous network modes will be discussed first.
By default, most network cards operate in non-promiscuous mode. Non-promiscuous mode means that the network interface card (NIC) will only pass on the specific traffic that is addressed to it. If the NIC receives traffic that matches its address, the NIC will pass the traffic on to the CPU for processing. If the NIC receives traffic that does not match its address, the NIC simply discards the packets. In many ways, a NIC in non-promiscuous mode acts like a ticket taker at a movie theatre. The ticket taker stops people from entering the theatre unless they have a ticket for the specific show. Promiscuous mode, on the other hand, is used to force the NIC to accept all packets that arrive. In promiscuous mode, all network traffic is passed on to the CPU for processing regardless of whether it was destined for the system or not.
In order to successfully sniff network traffic that is not normally destined for your PC, you must make sure your network card is in promiscuous mode. You may be wondering how it is possible that network traffic would arrive at a computer or device if the traffic was not addressed to the device. There are several possible scenarios where this situation may arise. First, any traffic that is broadcast on the network will be sent to all connected devices. Another example is networks that use hubs rather than switches to route traffic. A hub works by simply sending all the traffic it receives to all the devices connected to its physical ports. In networks that use a hub, your NIC is constantly disregarding packets that do not belong to it. For example, assume we have a small 8-port hub with 8 computers plugged into the hub. In this environment, when the PC plugged into port number 1 wants to send a message to the PC plugged into port number 7, the message (network traffic) is actually delivered to all the computers plugged into the hub.
However, assuming all the computers are in non-promiscuous mode, machines 2–6 and 8 simply disregard the traffic. Many people believe you can fix this situation by simply swapping your hubs with switches. This is because, unlike hubs that broadcast all traffic to all ports, switches are much more discreet. When you first plug a computer into a switch, the MAC address of the computer's NIC is registered with the switch. This information (the computer's MAC address and the switch's port number) is then used by the switch to intelligently route traffic for a specific machine to the specific port. Going back to our previous example, if a switch is being used and PC 1 sends a message to PC 7, the switch processes the network traffic and consults the table containing the MAC address and port number. It then sends the message only to the computer connected to port number 7. Devices 2–6 and 8 never receive the traffic.

So there you have it. I hope this gets you started; you can research tutorials and work on some network sniffing projects.
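To see the hub and switch cases above side by side, here is a small Python model added as an illustration (it is not code from the original article). The class names, the MAC addresses and the choice of PC 3 as the one machine in promiscuous mode are assumptions made for the example; the switch fills its table when a PC is plugged in, as the article describes.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class NIC:
    def __init__(self, mac, promiscuous=False):
        self.mac, self.promiscuous = mac, promiscuous
        self.passed_to_cpu = []          # frames handed up for processing

    def receive(self, frame):
        # Non-promiscuous: keep only frames addressed to this NIC or broadcast.
        if self.promiscuous or frame["dst"] in (self.mac, BROADCAST):
            self.passed_to_cpu.append(frame)

class Hub:
    def __init__(self):
        self.ports = {}                  # port number -> NIC
    def plug(self, port, nic):
        self.ports[port] = nic
    def send(self, in_port, frame):
        # Repeat the frame out of every port except the one it arrived on.
        out = [p for p in sorted(self.ports) if p != in_port]
        for p in out:
            self.ports[p].receive(frame)
        return out

class Switch(Hub):
    def __init__(self):
        super().__init__()
        self.mac_table = {}              # MAC address -> port number
    def plug(self, port, nic):
        super().plug(port, nic)
        self.mac_table[nic.mac] = port   # registration as the article describes
    def send(self, in_port, frame):
        port = self.mac_table.get(frame["dst"])
        if port is None:                 # broadcast: goes to all other ports
            return super().send(in_port, frame)
        self.ports[port].receive(frame)
        return [port]

def run(device_cls, sniffer_port=3):
    """PC 1 sends to PC 7. Returns (ports reached, ports whose CPU saw data)."""
    dev = device_cls()
    for n in range(1, 9):                # constructed sample MACs, 8 PCs
        dev.plug(n, NIC(f"02:00:00:00:00:0{n}", promiscuous=(n == sniffer_port)))
    frame = {"src": dev.ports[1].mac, "dst": dev.ports[7].mac, "data": "hello"}
    reached = dev.send(1, frame)
    seen = [p for p, nic in sorted(dev.ports.items()) if nic.passed_to_cpu]
    return reached, seen

if __name__ == "__main__":
    print("hub:", run(Hub), "switch:", run(Switch))
```

On the hub, the frame reaches ports 2 to 8 and the promiscuous PC on port 3 processes it along with PC 7; on the switch, only port 7 ever receives it.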