Sniffing is referred to as a process of monitoring and capturing the data packets passing through a given network. It is mostly used by system/network administrators to monitor and troubleshoot the network traffic. Sniffing allows you to see all sorts of traffic, both protected and unprotected. Attackers use this to capture data packets having sensitive information such as email traffic, FTP password, web traffic, router configuration, DNS traffic, and more.
Sniffing is divided into two types:
- Active sniffing:
In this, traffic is not only locked and monitored, but it may be altered in some way determined by the attack. It is used to sniff a switch-based network. It involves injecting the address resolution packets into a target network to switch on the content addressable memory table.
2. Passive sniffing:
In this, traffic is locked but not at all altered in any way. It works with hub devices, and traffic is sent to all the ports. Any traffic that is passing through the unbridged or non-switched network segment can be seen by all the machines on the segment.