2. What is Sniffing?
• Sniffing is a technique for gaining access through network
based attack.
• A sniffers is a program that gathers traffic from the local
network, and it is useful for attackers looking to swipe data as
well as network administrator trying to troubleshoot
problems.
• Using sniffer, an attacker can read data passing by a given
machine in a real time or store the data.
3. What is password sniffing?
• Password sniffers are program that monitor and record the
name and password of network users as they login.
• Whoever installs the sniffer can then impersonate an
authorized users and login to access restricted documents.
• Password Sniffing is a Reconnaissance attack.
• Reconnaissance refers to the overall act of the learning
information about a target network by using readily available
information and applications.
4. Definition-What does Password Sniffer mean?
• A password sniffer is a software application that scans and records
passwords that are used or broadcasted on a computer or network
interface.
• It listens to all incoming and outgoing network traffic and records any
instance of a data packet that contains a password.
• A password sniffer installs on a host machine and scans all incoming and
outgoing network traffic.
• A password sniffer may be applied to most network protocols including
HTTP,IMAP(Internet Message Access Protocol),FTP(File Transfer
Protocol).POP3,Telnet(TN)and related protocol that carry passwords in
same format.
5.
6. Password Sniffer(Continue…)
• A Password Sniffer that is installed on a gateway or proxy server can
listen and retrieve all passwords that flow within a network.
• A Password Sniffers is primary used as a network security tool for
sorting and restoring passwords.
• However hackers can crackers use such utilities to sniff out password
for illegal and malicious purposes.
• The Sniffer can be hardware or software.
7. Case Study
• (1)If you are a fan of siting in public cafes that offer free WIFI and
playing on your computer. Make sure you are using sort of encryption
and security when sending passwords.
• A person who has a password sniffing program on their computer can
easily sit in a public space collecting passwords from the network with
ease. These programs are simple to use.
• (2)In a Moll all people are shopping using there smartcard, credit card ,
debit card etc. at the time of payment customer have to stretch their
card into machine. In that machine the attacker can use program to
record the user password or sensitive information. And after gaining
particular information attacker can misuse the card and amount.
8. Case Study
• So be safe when stretching the card on the public scanner machine.
• (3)Phishing website provide the original look so normal user can not
identify which one of the fake website. In this type of website sniffer
program are installed . Attacker can set the sniffer program .So normal
user can give their sensitive information on that website. So at the time
of user response program can scan the username and password that can
be recorded.
9. To prevent Password Sniffing Attack:
• Not to do anything on a public WIFI network.
• Not expose yourself and private information to open networks.