What's the Difference Between Sniffing, Snooping, and Spoofing?

Network sniffing and snooping are very similar. They both involve tapping into network traffic for the purpose of analyzing packets and extracting usernames, passwords, account numbers, and other information.

I like to think of network sniffing as picking up a network transmission without altering the network signal. This is easily accomplished with a WiFi network, but impossible with a fiber-optic network.

I like to think of network snooping as having a node on the network with a packet analyzer application such as Wireshark installed. The network snooping node might use an operating system with administrative privileges.

A criminal hacker sniffing network traffic is one of the biggest security issues faced by network administrators in an enterprise. Sniffing traffic on a wired network is a bit difficult, because it requires setting up a LAN tap.

One option for sniffing traffic on a wired network is to remotely install a sniffer script. However, there is a chance it may be detected by anti-virus software. If the criminal hacker has access to a physical network cable, they can install a star tap. This is a straight-through connector with an extra connector for attaching a packet analyzer. When placed in a network, the star tap passively allows traffic to pass through unaltered.

However, every connector placed on a cable changes the cable's impedance and causes signal reflections, so a highly skilled network administrator may be able to detect a star tap. For this reason, expert network spies (think CIA) use an inductive tap. An inductive tap does not require cutting the network signal wire. It uses a tiny coil to pick up the magnetic field generated by the current flowing through each cable wire. The magnetic field is converted back to electrical signals and sent to a packet analyzer.

Spoofing is when a criminal hacker creates an email message that appears to be from a legitimate source, or a website that appears to be genuine. This may be done by using an email address or IP address that looks very similar to the legitimate one, along with branding and graphics that look authentic. However, sometimes it's done using IP or DNS spoofing. Here the criminal hacker actually hacks a DNS server, replacing the legitimate entry in the database with their own entry.
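
As an added example (not code from the original article), here is one way a mail filter could flag a sender address that "looks very similar to the legitimate one". The allow-list, the substitution table, the distance threshold and the sample addresses are all constructed assumptions to tune for a real environment.

```python
import unicodedata

# Assumed allow-list of domains the organisation really sends mail from.
TRUSTED = {"example-bank.com", "example.org"}

# Characters often swapped in to imitate a Latin letter (digits, Cyrillic).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})

def skeleton(domain):
    """Fold a domain to the form a hurried reader would perceive."""
    d = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED, max_distance=2):
    """Return (verdict, imitated_domain); verdict is trusted/lookalike/unknown."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for legit in sorted(trusted):
        legit_skel = skeleton(legit)
        if (skel == legit_skel                                      # homoglyph swap
                or edit_distance(skel, legit_skel) <= max_distance  # typo-squat
                or domain.startswith(legit + ".")):                 # brand as subdomain
            return ("lookalike", legit)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["billing@example-bank.com", "billing@examp1e-bank.com",
                   "it@ex\u0430mple.org", "pay@example-bank.com.mail.test",
                   "bob@unrelated.test"]:
        print(sender, classify_sender(sender))
```

A "trusted" verdict only means the domain string matches the allow-list; whether the message really came from that domain is a separate question answered by SPF, DKIM and DMARC checks.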

