Passive Sniffing Techniques


Passive sniffing is widely used because, on a network built around a hub, an attacker can intercept packets directly: a hub repeats every frame to all of its ports, so any connected host can read the traffic without injecting anything.

Some tools used for performing Passive Sniffing:-

1. Wireshark:-

Wireshark is a powerful packet analyser. It is generally used for capturing network traffic, analysing packets and sniffing information.

Wireshark comes pre-installed in Kali Linux and is also available for download. It is supported on Windows and Unix-based systems.

Wireshark allows a user to capture live network traffic and analyse it. Display filters are used in Wireshark to view particular packets or sets of data.

Download : www.wireshark.org

Using Wireshark:-

a. Download Wireshark on a Windows system or open Wireshark from Kali Linux.

b. Choose the interface from which the network traffic is to be captured. The user can select multiple interfaces, such as wireless network, Ethernet etc.

c. Click on start capture to start capturing the traffic. Once there is some traffic on the network, packets will be shown in Wireshark.

d. Many display filters are available in Wireshark to narrow the view to particular data.

e. Color coding is used in Wireshark; different colors indicate different traffic.

f. Various display filters are used to filter the traffic for particular analysis.

g. A variety of filters is available. Go to the Capture menu and click on Capture Filters. The filter string is used to input any filter in Wireshark.

2. Tshark:-

Tshark is a command-line network sniffing and packet analyser tool. It is also one of the powerful sniffing tools. It captures data from a live network.

Using Tshark:

a. Open a terminal in Kali Linux. To see the manual or help screen for tshark, type "man tshark" and the manual screen will be shown. Everything about tshark is covered there, and the various commands are also described.

b. Now start tshark by typing "tshark" in the terminal.

c. To check the working of tshark, generate some traffic using nmap or any other tool.

d. Now tshark will capture all the packets and show them in the following format:

  • Timestamp
  • Source
  • Destination
  • Protocol
  • Port
  • PTR Record

e. A tshark cheat sheet is available online. Just like Wireshark, tshark also supports filters. Apply the specific filters at the beginning and tshark will only capture the specified packets.
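The filters mentioned in the steps above come in two kinds in tshark, shown here as an added example that is not part of the original page: a capture filter (-f) decides what is recorded, a display filter (-Y) selects from what was already captured. The function names, the interface "eth0", the file "lab.pcap" and the 192.168.56.x rows are assumptions made up for this example; the summary runs offline on the constructed rows.

```shell
#!/bin/sh
# Capture filter (-f): BPF syntax, applied while capturing, so packets that
# do not match are never recorded. Needs capture privileges on the interface.
# Usage (assumed values): capture_rows eth0 "tcp port 80" 100
capture_rows() {
  tshark -i "$1" -f "$2" -c "$3" -T fields -E separator=, \
    -e frame.time_relative -e ip.src -e ip.dst -e frame.protocols -e tcp.dstport
}

# Display filter (-Y): Wireshark syntax, applied to packets that were already
# captured, here read back from a saved file.
# Usage (assumed values): filter_file lab.pcap "dns"
filter_file() {
  tshark -r "$1" -Y "$2" -T fields -E separator=, \
    -e frame.time_relative -e ip.src -e ip.dst -e frame.protocols -e tcp.dstport
}

# Constructed sample rows in the column order produced by the functions above:
# time, source, destination, protocol stack, TCP destination port (may be empty).
sample_rows() {
  cat <<'EOF'
0.000000,192.168.56.10,192.168.56.1,eth:ethertype:ip:udp:dns,
0.012345,192.168.56.10,192.168.56.20,eth:ethertype:ip:tcp,80
0.012900,192.168.56.20,192.168.56.10,eth:ethertype:ip:tcp,49152
0.020111,192.168.56.10,192.168.56.20,eth:ethertype:ip:tcp:http,80
0.031000,192.168.56.10,192.168.56.20,eth:ethertype:ip:tcp,443
EOF
}

# Count packets per "source -> destination protocol", busiest first.
# The protocol is the last layer of the frame.protocols stack.
summarize_rows() {
  awk -F, 'NF >= 4 && $2 != "" {
      n = split($4, layers, ":")
      count[$2 " -> " $3 " " layers[n]]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Offline demonstration on the constructed rows.
sample_rows | summarize_rows
```

On a live lab segment, pipe capture_rows or filter_file into summarize_rows in place of sample_rows.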
