Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

What's the Difference Between Sniffing, Snooping, and Spoofing?

Network sniffing and snooping are very similar. They both involve tapping into network traffic for the purpose of analyzing packets and extracting usernames, passwords, account numbers, and other information.

I like to think of network sniffing as picking up a network transmission without altering the network signal. This is easily accomplished with a WiFi network, but impossible with a fiberoptic network.

I like to think of network snooping as having a node on the network with a packet analyzer application such as Wireshark installed. The network snooping node might use an Operating System having Administrative privileges.

A criminal hacker sniffing network traffic is one of the biggest security issue faced by network administrators in an enterprise. Sniffing traffic on a wired network is a bit difficult. It requires setting up a LAN tap.

One option for sniffing traffic on a wired network is to remotely install a sniffer script, However, there is a chance it may be detected by Anti-Virus software. If the criminal hacker has access to a physical network cable, they can install a star tap. This is a straight through connector with an extra connector to connect a packet analyzer. When placed in a network, the star tap passively allows traffic to pass though unaltered.

However, every connector placed on a cable changes the cables impedance and causes signal reflections, so a highly skilled network administrator may be able to detect a star tap. For this reason, expert network spies (think CIA), use an inductive tap. An inductive tap does not require cutting the network signal wire. It uses a tiny coil to pick up the magnetic field generated by the current flowing through each cable wire. The magnetic field is converted back to electrical signals and sent to a packet analyzer.

Spoofing is when a criminal hacker creates an email message that appears to be from a legitimate source, or a website that appears to genuine. This may be done by using an email address or IP address that looks very similar to the legitimate one, along with branding and graphics that looks authentic. However, sometimes its done using IP or DNS spoofing. Here the criminal hacker actually hacks a DNS server, replacing the legitimate entry in the data base with their own entry.

More Network Security Articles:
• Firewall Perimeter Network (DMZ)
• Types of DoS (Denial of Service) Attacks
• Difference Between Rule and Role Based Access Control
• How Snort's Stealth TCP Port Scanning Works
• Essentials of Endpoint Device Backup
• What is a Password Hash and Salt?
• What is Network AAA (Authentication, Authorization, and Accounting)?
• Digital Signatures and Certificates
• Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• How to Secure Your Small Business Network
Menu - More
Network Security

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268