What's the Difference Between Sniffing, Snooping, and Spoofing?

Network sniffing and snooping are very similar. They both involve tapping into network traffic for the purpose of analyzing packets and extracting usernames, passwords, account numbers, and other information.

I like to think of network sniffing as picking up a network transmission without altering the network signal. This is easily accomplished with a WiFi network, but impossible with a fiber-optic network.

I like to think of network snooping as having a node on the network with a packet analyzer application such as Wireshark installed. The network snooping node might use an operating system having administrative privileges.

A criminal hacker sniffing network traffic is one of the biggest security issues faced by network administrators in an enterprise. Sniffing traffic on a wired network is a bit difficult. It requires setting up a LAN tap.

One option for sniffing traffic on a wired network is to remotely install a sniffer script. However, there is a chance it may be detected by anti-virus software. If the criminal hacker has access to a physical network cable, they can install a star tap. This is a straight-through connector with an extra connector to connect a packet analyzer. When placed in a network, the star tap passively allows traffic to pass through unaltered.

However, every connector placed on a cable changes the cable's impedance and causes signal reflections, so a highly skilled network administrator may be able to detect a star tap. For this reason, expert network spies (think CIA) use an inductive tap. An inductive tap does not require cutting the network signal wire. It uses a tiny coil to pick up the magnetic field generated by the current flowing through each cable wire. The magnetic field is converted back to electrical signals and sent to a packet analyzer.

Spoofing is when a criminal hacker creates an email message that appears to be from a legitimate source, or a website that appears to be genuine. This may be done by using an email address or IP address that looks very similar to the legitimate one, along with branding and graphics that look authentic. However, sometimes it's done using IP or DNS spoofing. Here the criminal hacker actually hacks a DNS server, replacing the legitimate entry in the database with their own entry.
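
A mail-filter check for the look-alike sender addresses described above, as an added example that is not part of the original article. The trusted-domain list, the substitution table, the distance threshold and all sample addresses are assumptions constructed for illustration.

```python
# Added example: flag sender domains that imitate a trusted one.
# TRUSTED and every address used with it are constructed for illustration.
TRUSTED = {"example.com", "examplebank.com"}

# Character swaps that look alike in many fonts, folded before comparing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain):
    """Fold look-alike character sequences to one canonical spelling."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in sorted(TRUSTED):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    if not domain.isascii() or "xn--" in domain:
        # Internationalized names need a full Unicode confusables table.
        return ("review", None)
    for good in sorted(TRUSTED):
        if domain.startswith(good + "."):
            # Trusted name used as a leading label of someone else's domain.
            return ("lookalike", good)
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for addr in ("billing@example.com", "billing@exarnple.com",
                 "alerts@examp1ebank.com", "help@example.com.verify-id.net"):
        print(addr, classify(addr))
```

A "trusted" verdict only says the domain is spelled correctly; whether the message really came from that domain is a separate check handled by SPF, DKIM and DMARC.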

