Week 6 Summary

Sniffing is when one uses tools to track the traffic going on in your network. There are two types of sniffing: active and passive.

Passive sniffing involves observing traffic across the network, such as sniffing the traffic from a hub, since a hub broadcasts all traffic out to all their ports.

Active sniffing involves touching a switch to manipulate it to do what you want it to do. Some ways of touching the switch would include ARP poisoning or MAC flooding. These techniques would turn the switch into a hub and have the switch broadcast all traffic out of all their ports and make it easier to listen in on traffic. Usually switches only broadcast traffic to the intended receipt and not to the whole network. They also have port security so no random IP addresses or MAC addresses can plug in and listen. Spoofing a MAC address would also be a way to listen in on a switch’s traffic.

Passive sniffing is not easily detected, whereas active sniffing can be detected. In order to sniff, one must set their NIC on promiscuous mode. Sniffing is useful since finding unencrypted protocols such as FTP, telnet, SMTP, HTTP, POP3 or IMAP can be easily captured and read.

Article:

Police tell residents to stop calling whenever Facebook goes down.
http://www.independent.co.uk/life-style/gadgets-and-tech/facebook-down-don-t-ring-us-when-site-stops-working-say-police-a6672081.html