Solutions Fast Track




What is Network Analysis and Sniffing?

  • Network analysis is capturing and decoding network data.

  • Network analyzers can be hardware or software, and are available both free and commercially.

  • Network analyzer interfaces usually have three panes: summary, detail, and data.

  • The five parts of a network analyzer are: hardware, capture driver, buffer, real-time analysis, and decode.

Who Uses Network Analysis?

  • Administrators use network analysis for troubleshooting network problems, analyzing the performance of a network, and intrusion detection.

  • When intruders use sniffers, it is considered a passive attack.

  • Intruders use sniffers mostly to capture user names and passwords, collect confidential data, and map the network.

  • Sniffers are a common component of a rootkit.

  • Intruders are using sniffers to control backdoor programs.

How Does it Work?

  • Ethernet is a shared medium that uses MAC, or hardware, addresses.

  • The OSI model has seven layers and represents a standard for network communication.

  • Hubs send out information to all hosts on the segment, creating a shared collision domain.

  • Switches have one collision domain per port and keep an address table of the MAC addresses that are associated with each port.

  • Port mirroring is a feature that allows you to sniff on switches.

  • Switches make sniffing more difficult; however, the security measures in switch architectures can be overcome by a number of methods, thus allowing the sniffing of traffic destined for other computers.

Detecting Sniffers

  • Sometimes sniffers can be detected on local systems by looking for the promiscuous mode flag.

  • There are several tools available that attempt to detect promiscuous mode by using various methods.

  • Carefully monitoring your hosts, hub and switch ports, and DNS reverse lookups can assist in detecting sniffers.

  • Honeypots are a good method to detect intruders on your network who are attempting to use compromised passwords.

  • Newer sniffers are smart enough to hide themselves from traditional detection techniques.
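
Added example (not from the book): a local check for the promiscuous mode flag on a Linux host, reading the hex flags value that the kernel exposes at /sys/class/net/<iface>/flags and testing the IFF_PROMISC bit (0x100). The function names and the sample values are assumptions made for this illustration.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in Linux <linux/if.h>

def parse_flags(text):
    """Parse the hex string stored in /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)

def find_promiscuous(flag_texts):
    """Map {interface: raw flags text} to (promiscuous, unreadable) name lists."""
    promiscuous, unreadable = [], []
    for iface, text in sorted(flag_texts.items()):
        try:
            flags = parse_flags(text)
        except ValueError:
            unreadable.append(iface)  # empty or malformed value: report it, don't guess
            continue
        if flags & IFF_PROMISC:
            promiscuous.append(iface)
    return promiscuous, unreadable

def read_sysfs(root="/sys/class/net"):
    """Collect the raw flags text for every interface on a live Linux host."""
    result = {}
    if not os.path.isdir(root):
        return result  # not Linux, or sysfs not mounted
    for iface in os.listdir(root):
        try:
            with open(os.path.join(root, iface, "flags")) as fh:
                result[iface] = fh.read()
        except OSError:
            result[iface] = ""  # surfaces as "unreadable" in the report
    return result

# Constructed sample values (hypothetical, not captured from a real host).
SAMPLE = {
    "lo": "0x9\n",       # UP | LOOPBACK
    "eth0": "0x1003\n",  # UP | BROADCAST | MULTICAST
    "eth1": "0x1103\n",  # same as eth0, plus IFF_PROMISC
    "wlan0": "",         # unreadable entry
}

if __name__ == "__main__":
    print("sample:", find_promiscuous(SAMPLE))
    print("live:  ", find_promiscuous(read_sysfs()))
```

An interface reported here still needs a legitimate-use check, since authorized packet captures and some bridge or virtualization setups also enable promiscuous mode.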

Protecting Against Sniffers

  • Switches offer some, but little, protection against sniffers.

  • Encryption is the best method of protecting your data from sniffers.

  • SSH, SSL/TLS, and IPSec are all forms of VPNs that operate at various layers of the OSI model.

  • IPSec tunnel mode can protect the source and destination addresses in the IP header by appending a new header.

Network Analysis and Policy

  • Make sure you have permission to use a sniffer on a network that is not your own.

  • Read the appropriate use policies of your ISPs before using a sniffer.

  • If you are hired to assess a computer network, and plan to use a sniffer, make sure you have some sort of non-disclosure agreements in place, because you may have access to confidential data.

  • One-time passwords render compromised passwords useless.

  • E-mail should be protected while in transit and storage with some type of data encryption method.






Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
EAN: 2147483647
Year: 2004
Pages: 105
Authors: Syngress
