Analyzing Traffic Flashcards
(17 cards)
What is packet sniffing?
Collecting packets passing through a network to analyze or monitor them.
What are the two main types of packet sniffing?
Active and Passive sniffing.
What differentiates active from passive sniffing?
Active sniffing injects traffic into the network (for example forged ARP replies) to redirect or expose traffic the attacker would not otherwise see, which is what switched networks require; passive sniffing only listens to traffic already reaching the attacker's interface and is much harder to detect.
Give examples of active sniffing attacks.
ARP spoofing, MAC flooding, HTTPS/SSH spoofing, DNS spoofing.
Where is passive sniffing typically carried out?
Hub-based or wireless networks, where every station's frames already reach the attacker's interface without any injection.
What is the function of a hardware packet sniffer?
Designed to examine a network segment by being plugged directly into it (inline, or on a tap or SPAN/mirror port).
What are the uses of legitimate packet sniffing?
Troubleshooting, application performance monitoring, security analysis, and traffic trend monitoring.
Which protocols are common targets for packet sniffing attacks?
FTP, HTTP, SMTP, NNTP, POP, IMAP, Telnet: all carry credentials and content in cleartext unless wrapped in TLS.
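Why these protocols are targets becomes obvious once you look at the bytes: the credential exchange is readable, and where it is base64-encoded (HTTP Basic, SMTP AUTH PLAIN) that is encoding, not encryption. The following is an added example, not part of the original cards: a detector that runs over constructed client-to-server payloads (standing in for reassembled TCP streams, labelled as constructed in the code) and pulls out cleartext credentials for FTP, HTTP, SMTP, POP3 and IMAP. The port-to-protocol map, regexes and sample data are this example's own assumptions.

```python
import base64
import re

# Ports -> protocols from the card; all of these negotiate credentials in cleartext
PROTO_BY_PORT = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}

USER_RE = re.compile(r"^USER\s+(\S+)", re.M | re.I)              # FTP and POP3
PASS_RE = re.compile(r"^PASS\s+(\S+)", re.M | re.I)
IMAP_LOGIN_RE = re.compile(r"^\S+\s+LOGIN\s+\"?([^\s\"]+)\"?\s+\"?([^\s\"]+)\"?", re.M | re.I)
HTTP_BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)
SMTP_PLAIN_RE = re.compile(r"^AUTH\s+PLAIN\s+([A-Za-z0-9+/=]+)", re.M | re.I)


def _b64(s):
    """Base64 is encoding, not encryption: decode, or return None on junk."""
    try:
        return base64.b64decode(s, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None


def extract_credentials(dst_port, payload):
    """Return [(protocol, username, password)] found in one client->server payload."""
    proto = PROTO_BY_PORT.get(dst_port)
    if proto is None:                      # e.g. 443: TLS, nothing readable here
        return []
    text = payload.decode("utf-8", "replace")
    found = []
    if proto in ("FTP", "POP3"):           # USER <name> / PASS <secret>
        u, p = USER_RE.search(text), PASS_RE.search(text)
        if u and p:
            found.append((proto, u.group(1), p.group(1)))
    elif proto == "IMAP":                  # <tag> LOGIN <user> <pass>
        found += [(proto, m.group(1), m.group(2)) for m in IMAP_LOGIN_RE.finditer(text)]
    elif proto == "HTTP":                  # Authorization: Basic base64(user:pass)
        for m in HTTP_BASIC_RE.finditer(text):
            dec = _b64(m.group(1))
            if dec and ":" in dec:
                found.append((proto,) + tuple(dec.split(":", 1)))
    elif proto == "SMTP":                  # AUTH PLAIN base64(authzid\0authcid\0password)
        for m in SMTP_PLAIN_RE.finditer(text):
            dec = _b64(m.group(1))
            parts = dec.split("\0") if dec else []
            if len(parts) == 3:
                found.append((proto, parts[1], parts[2]))
    return found


def scan_streams(streams):
    """streams: iterable of (dst_port, payload bytes). Returns every credential found."""
    return [c for port, data in streams for c in extract_credentials(port, data)]


# Constructed sample payloads (not real captures) for the protocols on the card
SAMPLE_STREAMS = [
    (21,  b"USER alice\r\nPASS hunter2\r\nPWD\r\n"),
    (80,  b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
          b"Authorization: Basic Ym9iOnMzY3JldA==\r\n\r\n"),          # base64("bob:s3cret")
    (25,  b"EHLO laptop\r\nAUTH PLAIN " + base64.b64encode(b"\0carol\0Passw0rd") + b"\r\n"),
    (110, b"USER dave\r\nPASS letmein\r\nSTAT\r\n"),
    (143, b"a001 LOGIN erin secret123\r\n"),
    (443, bytes.fromhex("160303004a0100004603035ce2")),            # TLS record fragment: opaque
]

if __name__ == "__main__":
    for proto, user, password in scan_streams(SAMPLE_STREAMS):
        print(f"{proto}: {user} / {password}")
```

Run against the samples, every cleartext protocol yields a usable credential pair while the TLS stream yields nothing, which is the whole argument for the mitigation on the next card. Telnet and NNTP are omitted because Telnet logins arrive as a character-at-a-time stream that needs session reassembly before pattern matching.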
How can you mitigate packet sniffing attacks?
Use encrypted protocols for network communication (HTTPS, SSH in place of Telnet, SFTP/FTPS, IMAPS/POP3S, SMTP with STARTTLS); on the switch, port security and dynamic ARP inspection limit the MAC flooding and ARP spoofing that active sniffing depends on.
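The ARP spoofing named among the active-sniffing attacks above leaves a detectable trace: a second MAC suddenly claims an IP the victim already resolved, or the Ethernet source MAC disagrees with the sender MAC inside the ARP payload. These are the same checks a switch's dynamic ARP inspection or a host-based monitor applies. The following is an added example, not part of the original cards: it builds a constructed three-frame scenario (legitimate gateway reply, attacker claiming the gateway IP, attacker forging the gateway MAC only in the payload) and runs both checks over the raw frames. All MAC and IP values are made up for the example.

```python
import struct

# Frame layouts (network byte order)
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Build a raw Ethernet+ARP reply. Used here only to construct the sample traffic."""
    eth = ETH_HDR.pack(target_mac, eth_src or sender_mac, ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not (a complete) ARP frame."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    _h, _p, _hl, _pl, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return {"eth_src": fmt_mac(src), "op": op, "sha": fmt_mac(sha),
            "spa": fmt_ip(spa), "tha": fmt_mac(tha), "tpa": fmt_ip(tpa)}


def detect_arp_spoofing(frames):
    """Two heuristics over a sequence of frames:
    1. the MAC claimed for an IP differs from the first binding seen for it;
    2. the Ethernet source MAC differs from the ARP sender MAC (forged payload).
    Returns a list of human-readable alerts."""
    bindings = {}   # IP -> first MAC seen claiming it
    alerts = []
    for frame in frames:
        p = parse_arp(frame)
        if p is None or p["op"] != ARP_REPLY:
            continue
        if p["eth_src"] != p["sha"]:
            alerts.append(f"frame src {p['eth_src']} != ARP sender {p['sha']} claiming {p['spa']}")
        first = bindings.setdefault(p["spa"], p["sha"])
        if first != p["sha"]:
            alerts.append(f"{p['spa']} moved from {first} to {p['sha']}")
    return alerts


# Constructed scenario (made-up addresses): victim learns the gateway, then an attacker
# claims the gateway's IP, then forges the gateway's MAC in the ARP payload only.
GW_MAC, ATK_MAC, VICTIM_MAC = (bytes.fromhex(h) for h in ("001122334455", "deadbeef0001", "aabbccddeeff"))
GW_IP, VICTIM_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 50])
SAMPLE_FRAMES = [
    build_arp_reply(GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),                   # legitimate
    build_arp_reply(ATK_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),                  # "192.168.1.1 is at de:ad:..."
    build_arp_reply(GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP, eth_src=ATK_MAC),  # header/payload mismatch
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_FRAMES):
        print("ALERT:", alert)
```

The first heuristic produces false positives when an IP legitimately moves (DHCP reassignment, a replaced NIC), so in practice it is paired with a trusted binding source such as the DHCP lease table, which is exactly what dynamic ARP inspection does on the switch.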
What information is typically found in DHCP logs?
MAC addresses, the IP addresses assigned to them, lease times and usually hostnames of the devices that obtained an address from the router.
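The forensic use of a DHCP log is the question "which device held this IP when the firewall or IDS logged it?", which needs the ACK and RELEASE events in time order, not just a list of MACs. The following is an added example, not part of the original cards: it parses a constructed ISC-dhcpd-style syslog excerpt (the log lines are made up for the example) into lease events and answers that question for a given timestamp. Syslog lines carry no year, so the caller supplies one.

```python
import re
from datetime import datetime

# Constructed ISC-dhcpd-style syslog excerpt (not a real log)
SAMPLE_DHCP_LOG = """\
Jan  5 09:58:01 router dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth0
Jan  5 09:58:02 router dhcpd: DHCPACK on 192.168.1.50 to aa:bb:cc:dd:ee:ff (alice-laptop) via eth0
Jan  5 10:14:40 router dhcpd: DHCPACK on 192.168.1.51 to 11:22:33:44:55:66 (guest-phone) via eth0
Jan  5 13:30:12 router dhcpd: DHCPRELEASE of 192.168.1.50 from aa:bb:cc:dd:ee:ff (alice-laptop) via eth0
Jan  5 13:31:05 router dhcpd: DHCPACK on 192.168.1.50 to 11:22:33:44:55:66 (guest-phone) via eth0
"""

LEASE_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dhcpd: "
    r"(?P<kind>DHCPACK on|DHCPRELEASE of) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?:to|from) "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})(?: \((?P<host>[^)]*)\))?",
    re.M)


def parse_leases(text, year):
    """Return sorted (timestamp, ip, mac, hostname, 'ack'|'release') tuples."""
    events = []
    for m in LEASE_RE.finditer(text):
        ts_text = " ".join(m["ts"].split())            # collapse the padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        kind = "ack" if m["kind"].startswith("DHCPACK") else "release"
        events.append((ts, m["ip"], m["mac"].lower(), m["host"] or "", kind))
    return sorted(events)


def who_had_ip(events, ip, at):
    """(mac, hostname) bound to `ip` at time `at` (datetime or ISO string);
    None if the address was unassigned or had been released."""
    if isinstance(at, str):
        at = datetime.fromisoformat(at)
    owner = None
    for ts, e_ip, mac, host, kind in events:
        if ts > at:
            break                                      # events are sorted
        if e_ip == ip:
            owner = (mac, host) if kind == "ack" else None
    return owner


def devices_seen(events):
    """MAC -> set of hostnames that obtained a lease: the 'which devices connected' view."""
    seen = {}
    for _ts, _ip, mac, host, kind in events:
        if kind == "ack":
            seen.setdefault(mac, set()).add(host)
    return seen


if __name__ == "__main__":
    ev = parse_leases(SAMPLE_DHCP_LOG, 2024)
    print(who_had_ip(ev, "192.168.1.50", "2024-01-05 12:00:00"))   # alice-laptop
    print(who_had_ip(ev, "192.168.1.50", "2024-01-05 14:00:00"))   # guest-phone (reused address)
```

Note the address reuse in the sample: the same IP belongs to two different devices on the same day, so correlating an IP from another log without the timestamp attributes activity to the wrong device. Lease expiry without an explicit RELEASE is not modelled here; a production version would also apply the lease duration.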
What can you determine from Windows Event Viewer regarding network activity?
Detailed records of DHCP assignments (Microsoft-Windows-Dhcp-Client/Operational) and of wireless connection and disconnection events (Microsoft-Windows-WLAN-AutoConfig/Operational, event IDs 8001 and 8003), including the SSID and authentication and cipher type.
Which macOS utility is used to manage wireless networks?
AirPort Utility, which configures Apple AirPort base stations rather than the Mac's own Wi-Fi. The Mac's own remembered networks are stored in /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist on older macOS versions.
What evidence is available from an iOS device regarding Wi-Fi networks?
SSID, authentication type, MAC address of AP, timestamps of last connections.
What database in Android contains detailed network connection info?
The herrevad database, kept by Google Play Services (/data/data/com.google.android.gms/databases/herrevad), which records networks the device used along with timestamps.
What does WIGLE.NET provide?
A crowdsourced central database of wireless networks worldwide (SSID, BSSID and observed location), useful for geolocating an access point whose BSSID was recovered from a device.
What is a rogue access point?
An unauthorized wireless access point installed on a secure network.
Name two tools used for packet sniffing.
Wireshark (general protocol capture and analysis) and Kismet (802.11 wireless network detection and sniffing).