Active sniffing vs passive sniffing | Difference between active sniffing and passive sniffing
This page compares active sniffing vs passive sniffing and mentions difference between active sniffing and passive sniffing.
What is network sniffing ?
It is a type of attack in which attacker captures packets across a wired connection or wireless connection. It is called eavesdropping. The main aim is to capture unencrypted credentials from the network. The common protocols which can be targetted using such attack are FTP, HTTP, SMTP, NNTP, POP, IMAP, Telnet etc.
The best technique to prevent such attacks is to employ encrypted protocols which use encrypted communication. Using encrypted protocols it is very difficult to capture the traffic as it is encrypted. The network sniffing can be categorized mainly into active and passive sniffing.
• In this sniffing type, attacker directly interacts with target machine by sending packets and receiving responses.
• This sniffing is carried out through Switch. In this type, attacker tries to poison the switch by sending bogus MAC address.
• Examples of active sniffing : ARP spoofing, MAC flooding, HTTPS and SSH spoofing, DNS spoofing etc.
• In this sniffing type, attacker does not interact with the target. He/she simply hook on to the network and captures
packets transmitted and received by the network or exchanged between two machines.
• This sniffing is carried out through hub. An attacker connects to the hub from his/her machine. Attacker needs account on the LAN.
• Examples of passive sniffing: Hub based networks or wireless networks
Penetration and security testing related links
Difference between useful networking terminologies
Difference between OSI and TCPIP layers
Difference between TCP UDP
FTP vs HTTP
FTP vs SMTP
FTP vs TFTP
ARP vs RARP
NAT vs PAT
RIP vs OSPF
SLIP vs PPP
IMAP4 vs POP3
IPV4 vs IPV6
Difference between Internet and Intranet