What's the Difference Between Sniffing, Snooping, and Spoofing?
By Stephen Bucaro
Network sniffing and snooping are very similar. They both involve tapping into network traffic
for the purpose of analyzing packets and extracting usernames, passwords, account numbers,
and other information.
I like to think of network sniffing as picking up a network transmission without altering
the network signal. This is easily accomplished with a WiFi network, but impossible
with a fiberoptic network.
I like to think of network snooping as having a node on the network with a packet analyzer
application such as Wireshark installed. The network snooping node might use an Operating
System having Administrative privileges.
A criminal hacker sniffing network traffic is one of the biggest security issue faced by
network administrators in an enterprise. Sniffing traffic on a wired network is a bit difficult.
It requires setting up a LAN tap.
One option for sniffing traffic on a wired network is to remotely install a sniffer script,
However, there is a chance it may be detected by Anti-Virus software. If the criminal hacker
has access to a physical network cable, they can install a star tap. This is a straight
through connector with an extra connector to connect a packet analyzer. When placed in
a network, the star tap passively allows traffic to pass though unaltered.
However, every connector placed on a cable changes the cables impedance and causes signal
reflections, so a highly skilled network administrator may be able to detect a star tap.
For this reason, expert network spies (think CIA), use an inductive tap. An inductive tap
does not require cutting the network signal wire. It uses a tiny coil to pick up the
magnetic field generated by the current flowing through each cable wire. The magnetic
field is converted back to electrical signals and sent to a packet analyzer.
Spoofing is when a criminal hacker creates an email message that appears to be from a
legitimate source, or a website that appears to genuine. This may be done by using an email
address or IP address that looks very similar to the legitimate one, along with branding and
graphics that looks authentic. However, sometimes its done using IP or DNS spoofing. Here the
criminal hacker actually hacks a DNS server, replacing the legitimate entry in the data
base with their own entry.
More Network Security Articles:
• Understanding the Different Classes of Firewalls
• The Use of HoneyPots and HoneyNets to Trick Hackers
• Security Issues with Wireless LANs
• How to Use the Open Source Intrusion Detection System SNORT
• Use of Taps and Span Ports in Cyber Intelligence Applications
• Network User Authentication
• What is Penetration Testing?
• Public Key Infrastructure
• Detecting Network Sniffers
• Firewall Rules