Network Attack Techniques – Network Sniffing

Wednesday, May 05, 2010

Ray Tan


One feature of a network is that data are passed along network links from one piece of equipment to another. That means when you send data to another computer, the data go through many network devices. We can use the tracert command to see how the packets travel among the devices.

This creates the problem that someone along the way could see your data. It’s just like sending a letter: the postman can take a peek if he wants to.

Another point we have to make clear is that data can be transmitted in plain text or in encrypted form. If the data are encrypted, the peeper only sees a pile of meaningless strings. He can rack his brain trying to crack them if he really wants the original data, but it’s not easy at all. It’s much like what happened in the Second World War: everybody could receive the telegraphed commands, but it took a great effort to crack the code.

Let’s go back to the cyber world. Most of the data traveling across the network are in plain text. Once your data go through his device, a hacker can get your information without effort, including trade secrets, your credit information, your mailbox password and so on.


There are two ways hackers sniff your communication.

1. Install a sniffing tool on a network connection device such as a gateway, switch or router. Other hacking techniques might be required as well, because installing the sniffing tool on one of the above-mentioned network devices takes Administrator privileges.

2. Connect a sniffing tool to an unsecured intranet. This kind of network is almost always built around a HUB. Any station in the network receives data from all other stations in the segment, because a HUB repeats each packet it receives to all physical ports instead of sending it to a single port as a switch does. All stations in the segment receive the packet, but they discard it if the destination address does not match their own. The user won’t notice this because it happens behind the scenes. A user can capture and open data he shouldn’t get if he intends to.
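To make the HUB-versus-switch difference concrete, here is a small simulation added as an illustration (it is not from the original article). The port numbers, station labels and frame sequence are constructed, and the switch is modeled as a simple learning switch.

```python
# Constructed model: which ports receive a frame on a HUB vs. a learning switch.

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the ingress port.
        return [p for p in self.ports if p != in_port]


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port, learned from source addresses

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn where the sender lives
        out = self.mac_table.get(dst)
        if out is None:
            # Destination not learned yet: the switch floods, just like a hub.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def exposure(device, frames, observer_port):
    """Count frames delivered to observer_port, a station that is neither
    the sender nor the intended receiver of any frame in `frames`."""
    return sum(observer_port in device.forward(*f) for f in frames)


# Constructed sample: station A on port 1, station B on port 2,
# an uninvolved third station on port 3.
PORTS = [1, 2, 3]
FRAMES = [
    (1, "mac-A", "mac-B"),
    (2, "mac-B", "mac-A"),
    (1, "mac-A", "mac-B"),
    (2, "mac-B", "mac-A"),
]

if __name__ == "__main__":
    print("hub   :", exposure(Hub(PORTS), FRAMES, 3), "of", len(FRAMES))
    print("switch:", exposure(Switch(PORTS), FRAMES, 3), "of", len(FRAMES))
```

On the HUB the third station is handed every frame; on the switch it only sees the first one, which is flooded because the destination has not been learned yet. A switch therefore reduces exposure but does not replace encryption.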


Check whether your data are transmitted in plain text or in encrypted form before you send a request or transmit anything. We can use SSH rather than telnet to manage a remote machine, and should choose HTTPS to protect our usernames and passwords.

Keep away from services that require a username and password (especially at an airport or railway station).

Choose a high-level encryption tool to encrypt classified files, and encrypt them before transmission.

Monitor the network status and do your best to prevent the use of illegal sniffing tools.

Pay attention to network devices. Replace a HUB with a switch for a network requiring security.

Pay attention to shared folders and services. They should be protected with password authentication.

px px Attention infosec island! Why do you let unethical hackers like Ray Tan post articles like this? He is not only publicizing the illegal hacker tool "TracerT", but is also giving step by step instructions on how to illegally hack into company networks. This sort of behavior should not be tolerated by any security organization, and I will take my business elsewhere until this criminal has been removed from this website.
Ray Tan I am sorry for the misunderstanding.
If you want to protect your network, you need to know how your network is compromised.
px px, I did not introduce any hacking tools here, I just want people like you to pay more attention to the security of your network.
Clement Dupuis I totally agree that many of the infosec professionals need to open their mind a bit and start paying more attention to the offensive side. You have to learn at the same speed as they do. This is in no way anything new or elite, this is simply best practice that people must implement.

On top of the recommendations I would add for sure strong port security. Any unused port should be disabled. Ports should be mapped to a single MAC address. Any unknown MAC connecting to ports that are enabled should disable the port and a warning sent to the administrator.

Systems are constantly compromised today because of our lack of understanding on the defensive side where we defend ourselves using techniques that are dated.

The more you know, the better it is

Best regards to all
