Fandom

The IT Law Wiki

Network sniffing

32,578pages on
this wiki
Add New Page
Talk0 Share

Definition

Network sniffing is

a passive technique that monitors network communication, decodes protocols, and examines headers and payloads to flag information of interest. Besides being used as a review technique, network sniffing can also be used as a target identification and analysis technique.[1]

Overview

Reasons for using network sniffing include the following:

Network sniffing has little impact on systems and networks, with the most noticeable impact being on bandwidth or computing power utilization. The sniffer — the tool used to conduct network sniffing — requires a means to connect to the network, such as a hub, tap, or switch with port spanning.[2]

Shortcomings

One limitation to network sniffing is the use of encryption. Many attackers take advantage of encryption to hide their activities — while assessors can see that communication is taking place, they are unable to view the contents. Another limitation is that a network sniffer is only able to sniff the traffic of the local segment where it is installed.

References

  1. NIST Special Publication 800-115, at 3-4.
  2. Id.

See also

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.