PACKET SNIFFING SUDHIR BAKHRU SJSU CMPE 294
AGENDA: Part 1 – Sniffing, Part 2 – Anti-Sniffing, Part 3 – Wrap up
What is Packet Sniffing? Packet sniffing, also known as network analysis or protocol analysis, is a method of tapping each packet as it flows across the network; i.e., it is a technique in which a user sniffs data belonging to other users of the network. Packet sniffers can operate as an administrative tool or be used for malicious purposes [1].
Methods: IP-based, MAC-based, ARP-based
ARP based [2]
Example - Wireshark
Uses of Packet Sniffing: Network monitoring; Analysis of problems arising in the network; Detection of unwanted network traffic; Debugging
Anti Sniffing “If he can sniff me, I can sniff him!”
Anti Sniffing
ARP based detection
◦ Promiscuous mode based detection
◦ Software filtering based detection
RTT based detection
CONCLUSION There has been a long debate about whether packet sniffing is a “curse” or a “boon”. Packet sniffing, with proper measures taken, is a great concept for various network monitoring activities.
References
[1] Ansari Sabeel, S. G. Rajeev, Chandrashekhar H. S., Packet Sniffing – A brief Introduction, December 2002
[2] Ryan Spangler, Packet Sniffer Detection with Anti Sniff, May 2003
[3] Zouheir Trabelso, Hamza Rehmani, Kamel Kacuech, Mounir Frikha, Malicious Sniffing systems platform, 2004
QUESTIONS