Monday , September 24 2018


Sniffing Network Traffic: Another popular technique that can be used to gain access to systems is network sniffing.

Sniffing is the process of capturing and viewing traffic as it is passed along the network. Several popular protocols in use today still send sensitive and important information over the network without encryption.

Network traffic sent without using encryption is often referred to as clear text because it is human readable and requires no deciphering.

Sniffing clear-text network traffic is a trivial but effective means of gaining access to systems.

Before we begin sniffing traffic, it is important that you understand some basic network information. The difference between promiscuous mode and non-promiscuous network modes will be discussed first.

By default, most network cards operate in nonpromiscuous mode. Non-promiscuous mode means that the network interface card (NIC) will only pass on the specific traffic that is addressed to it.

If the NIC receives traffic that matches its address, the NIC will pass the traffic that does not match its address; the NIC simply discards the packets.

In many ways, an NIC in nonpromiscuous mode acts like a ticket taker at a movie theater. The ticket taker stops people from entering the theater unless they have a ticket for the specific show.

Promiscuous mode on the other hand is used to force the NIC to accept all packets that arrive.

In promiscuous mode, all network traffic is passed onto the CPU for processing regardless of whether it was destined for the system or not.

In order to successfully sniff network traffic that is not normally destined for your PC, you must make sure your network card is in promiscuous mode.

You may be wondering how it is possible that network traffic would arrive at a computer or device if the traffic was not addressed to the device.

There are several possible scenarios where this situation may arise. First, any traffic that is broadcast on the network will be sent on all connected devices. Another example is networks that use hubs rather than switches to route traffic.

A hub works by simply sending all the traffic it receives to all the devices connected to its physical ports.

In networks that use a hub, your NIC is constantly disregarding packets that do not belong to it. For example, assume we have a small eight-port hub with eight computers plugged into the hub.

In this environment, when the PC plugged into port number 1 wants to send a message to the PC plugged into port number 7, the message (network traffic) is actually delivered to all the computers plugged into the hub.

However, assume all the computers are in nonpromiscuous mode, machines 2-6 and 8 simply disregard the traffic.

Many people believe you can fix this situation by simply swapping your hubs with switches. This is because unlike hubs that broadcast all the traffic to all ports, switches are much more discrete.

When people believe you can fix this situation by simply swapping your hubs with switches. This is because unlike hubs that broadcast all traffic to all ports, switches are much more discrete.

When you first plug a computer into a switch, the media access control (MAC) address of the computer’s NIC is registered with the switch. This information (the computer’s MAC address and switch’s port number) is then used by the switch to intelligently route traffic for a specific machine to the specific port.

Going back to your previous example, if a switch is being used and PC 1 sends a message to taining the MAC address and port number.

It then sends the message to only the computer connected to port number 7. Devices 2-6 and 8 never receive the traffic.


About Jahanzaib Khan

Jahanzaib Khan is Web Designer & Ethical Hacker. He Who has been working since 2014, and is managing several successful websites on the internet for about 3 years.

Check Also

Scripting Errors

Scripting Errors

Scripting Errors: Web applications, programs, and code such as Common Gateway Interface (CGI), ASP.NET and …

Leave a Reply

Your email address will not be published. Required fields are marked *