Traffic sniffing and packet analysis can be done in the following two ways:
- Active Sniffing
In active sniffing, the sniffing is done through a switch. An attacker tries to poison the switch using fake or spoofed MAC addresses. The ultimate aim is to poison the switch and intercept every packet passing through it. Here the switch acts as the intermediary: it looks at each and every MAC address and sends the information out on the connected ports.
Although the sniffing takes place through a switch, it is difficult to sniff the packets, and there is a high chance of being caught. Active sniffing may be detected easily, and hence it is not an efficient way of sniffing.
- Passive Sniffing
Passive sniffing is done through a hub. An attacker connects directly to the hub and starts sniffing. Because the attacker is directly connected to the hub, the sniffing is difficult to detect and there is less chance of being caught. Passive sniffing is quite easy compared to active sniffing.
In passive sniffing, the hub acts as the intermediary. The packets are intercepted easily and the analysis process is smooth.
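Active sniffing is easy to detect because a port that presents many fake or spoofed MAC addresses stands out from normal hosts. The following added example (not part of the original page) shows one way a defender could flag that pattern; the event format, port names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of switch MAC-learning events: (seconds, port, source MAC).
EVENTS = [
    (0, "Gi0/1", "00:11:22:33:44:01"),
    (1, "Gi0/2", "00:11:22:33:44:02"),
    (2, "Gi0/3", "00:11:22:33:44:03"),
] + [
    # Port Gi0/7 suddenly presents 20 never-seen source addresses in 2 seconds.
    (3 + i // 10, "Gi0/7", f"02:00:00:00:00:{i:02x}") for i in range(20)
] + [
    # A known address reappears on a different port (possible spoofing).
    (6, "Gi0/7", "00:11:22:33:44:01"),
]

def detect(events, window=5, max_macs=8):
    """Return (flooding_ports, moved_macs).

    flooding_ports: ports that presented more than max_macs distinct source
    MACs inside any span of `window` seconds (thresholds are assumptions).
    moved_macs: MACs seen on more than one port, mapped to those ports.
    """
    per_port = defaultdict(list)      # port -> [(time, mac), ...]
    mac_ports = defaultdict(set)      # mac -> {ports}
    for ts, port, mac in sorted(events):
        per_port[port].append((ts, mac))
        mac_ports[mac].add(port)

    flooding = set()
    for port, seen in per_port.items():
        start = 0
        for end in range(len(seen)):
            # Advance the window start until it spans at most `window` seconds.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            if len({m for _, m in seen[start:end + 1]}) > max_macs:
                flooding.add(port)
                break

    moved = {m: sorted(p) for m, p in mac_ports.items() if len(p) > 1}
    return sorted(flooding), moved

if __name__ == "__main__":
    ports, moved = detect(EVENTS)
    print("ports exceeding MAC limit:", ports)
    print("MACs seen on multiple ports:", moved)
```
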