![]() ![]() By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing all packets traversing the network regardless of destination. Typically, the packet sniffer would only capture packets that were intended for the machine in question. In its simple form a packet sniffer simply captures all of the packets of data that pass through a given network interface. This description shows that traffic isn’t broadcast out to every host, but only to the destination host, therefore it’s harder to sniff traffic. The traffic goes from the source host to the switch, and then directly to the destination host. When the host replies, the traffic can be sent to it. If the destination host isn’t in the ARP cache, the source host sends a broadcast ARP request looking for the host. The ARP cache is a table that stores both layer 2 (MAC) addresses and layer 3 (IP) addresses of hosts on the local network. Before sending traffic from one host to another on the same local area network, the host’s ARP cache is first checked. ![]() ![]() Access Control (MAC) addresses of stations to the ports on which they connect to the switch itself. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |