Packet sniffing is usually done using the following techniques:
- Active sniffing
- Passive sniffing
Active sniffing requires the penetration tester to take some action, such as redirecting user traffic to another gateway, in order to monitor and capture packets on the network. For example, the tester may perform an ARP cache-poisoning attack against a victim’s machine by modifying the IP-MAC entries in its ARP table.
Flooding a switch with bogus MAC addresses causes a CAM table overflow, which makes the switch flood all incoming traffic out of all other ports.
Also, installing a rogue DHCP server on the network provides clients with an illegitimate default gateway and DNS server. The victim's traffic will be redirected to potentially malicious websites, and their traffic may be intercepted.
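Each of the three redirection techniques above leaves a recognisable trace that a defender can watch for. The following Python code is an added example, not part of the original text: it flags a changed IP-MAC binding, too many source MACs on one switch port, and a DHCP offer from a server that is not allow-listed. The record fields, the allow-listed server, the MAC limit and the sample traffic are constructed assumptions.

```python
from collections import defaultdict

ALLOWED_DHCP = {"192.0.2.1"}  # assumption: the only legitimate DHCP server
MAC_LIMIT = 3                 # assumption: max source MACs expected per access port

def analyze(events, allowed_dhcp=ALLOWED_DHCP, mac_limit=MAC_LIMIT):
    """Return alerts for ARP binding changes, MAC flooding and rogue DHCP offers."""
    arp_table = {}                   # IP -> first MAC seen claiming it
    macs_by_port = defaultdict(set)  # switch port -> source MACs seen on it
    flooded = set()                  # ports already reported, to avoid repeats
    alerts = []
    for ev in events:
        port, mac = ev["port"], ev["src_mac"]
        macs_by_port[port].add(mac)
        if len(macs_by_port[port]) > mac_limit and port not in flooded:
            flooded.add(port)
            alerts.append(("mac_flood", port))
        if ev["type"] == "arp_reply":
            known = arp_table.setdefault(ev["ip"], mac)
            if known != mac:  # same IP now claimed by a different MAC
                alerts.append(("arp_binding_changed", ev["ip"], known, mac))
        elif ev["type"] == "dhcp_offer" and ev["server"] not in allowed_dhcp:
            alerts.append(("rogue_dhcp", ev["server"], ev["router"]))
    return alerts

def frame(kind, port, src_mac, **fields):
    """Build one simplified frame record (hypothetical format for this example)."""
    return {"type": kind, "port": port, "src_mac": src_mac, **fields}

# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    frame("arp_reply", 1, "02:00:00:00:00:01", ip="192.0.2.1"),  # real gateway
    frame("dhcp_offer", 1, "02:00:00:00:00:01",
          server="192.0.2.1", router="192.0.2.1"),               # legitimate offer
    frame("arp_reply", 7, "02:00:00:00:00:66", ip="192.0.2.1"),  # gateway IP, new MAC
    frame("dhcp_offer", 7, "02:00:00:00:00:66",
          server="192.0.2.66", router="192.0.2.66"),             # unlisted server
] + [frame("data", 9, f"02:00:00:00:09:{i:02x}") for i in range(5)]  # 5 MACs, 1 port

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

On managed switches the same three checks are enforced in hardware by Dynamic ARP Inspection, port security and DHCP snooping.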
The penetration tester will need to execute a precursor attack to cause a redirection of the victim’s traffic. The following diagram presents...