Sniffing in Ethical Hacking is a method implemented for monitoring all the data packets that pass through a particular network. Sniffers are primarily used to oversee and troubleshoot network traffic, and Network/System Administrators are responsible for this role. Sniffers can be installed in the system in the form of software or hardware.
However, attackers can misuse sniffers to gain access to data packets that contain sensitive information, such as account information, passwords, etc. Packet sniffers on a network can give a malicious hacker the opportunity to intrude and access all of the network traffic.
There are two types of sniffing :
Active sniffing : Sniffing in a point-to-point network device called the switch is referred to as active sniffing. The switch is responsible for the regulation of the data flow between its ports. This is done through the active monitoring of the MAC address on each port, which enables the passing of data only to the intended target. To activate the sniffing of the traffic between targets, sniffers have to inject traffic into the LAN.
Passive sniffing : Passive sniffing happens when the sniffing is done through the hub. The traffic that goes through the unbridged network or the non-switched segment is transparent to all machines in that segment. Here, sniffers work at the network’s data link layer. This is called passive sniffing as sniffers set up by the attackers passively wait for the data to capture them when they are sent.