In this article I want to give you a sneak peak about what actually sniffing and spoofing means and then we will move on to how to do it in order to gain access to a remote computer. So here the first term which is sniffing.
Sniffing:
Sniffing as a hacking terminology is the way to use network interface to sniff out packet even the packets not intended for the machine.So basically it’s just sniffing the packets which are transferring over the Ethernet or even wireless. Sniffing is a passive attack that simply means the you can’t get caught easy. Sniffing is actually done for security purpose to troubleshoot the problems in the network by the network administrator by using network analyzing tools and make its use efficient.Since it is a passive way of attacking it doesn’t inject or corrupts the normal flow of data and the network interface just provide you with a copy of the transferring packets.Sniffing is mainly done at the lower level layers as they are not well covered.
How It Is Done?
Sniffing is done by the network interface(NIC) in promiscuous mode.By default our network interface card is in non-promiscuous mode that means it can only take the packet which are intended for it,not all packets.Promiscuous mode enables the network interface to make a copy of every packet it could sniff on the network and displays those packets to you. libpcap is support the capturing of packets in Linux OS, Winpcap is used for the same in windows. You can use following tools to achieve this:
- TCPDump
- Wireshark
- Ettercap
There are many other that you can use,I find the above tools most efficient and they can get the work done and I am used to them so.
So these tools provide a well defined display of each packet which is transmitting via the network and you can also filter them as per your efficiency.
Spoofing:
We had known the meaning the sniffing now we will understand the meaning of spoofing.Well its an active attack it simply mean that a computer system or a device masquerade as another device in order to get data which is intended for the that device.It is an active attack so this attack tends to disrupts the normal flow of the network and also causes injection. It is impersonation of a machine to get that machine traffic and to alter that data.Spoofing can be done at any layer. I am not going to tell you about ARP spoofing you would probably get in another website.Thousands of website provide you with the information about ARP and ARP spoofing.
Tools:
- Ettercap is a multi application which provides several features that allows arp spoofing also.