Hello, I am quark. Yesterday (09.15) at 3 o'clock in the morning, Meranti came, immediately weeping, flying debris, water and electricity; the coastal area was really hurt. But I am still back: I did not update yesterday, so I am updating both together today.
Last time we learned how hackers prepare for an attack. Today we officially enter the attack phase: we will learn how network sniffing is used to obtain information about the specific situation of the target host's network, and how to prevent network sniffing.
1. The principle of network sniffing
If a network attacker can use a network sniffer tool to obtain the data packets transmitted on the target computer's network, those packets can be reassembled and analyzed according to their protocols to recover a large amount of the information the target computers transmit. Network sniffing is therefore a passive (non-active) information-gathering attack technique that poses a great threat.
Sniffing the target computer's network is done with a sniffer-class tool, also called a network sniffer. With such a tool you can monitor the state of the network, the flow of data, and the information transmitted over the network. If information is transmitted over the network in clear text, a network listener can sniff and obtain the packets. Once the network interface of the sniffing device or sniffing host is set to listening mode, it can intercept the information transmitted on the network. Attackers often use network sniffing to intercept user names and passwords transmitted remotely over a network.

Network administrators also often use network sniffer tools to capture all kinds of data transmitted on the network in order to analyze network performance and faults in depth, including abnormal communication between computers, the traffic volume of different network protocols, and the source and destination address of each packet. Very detailed information can be extracted from the packets a network sniffer tool captures.
To capture all the data frames received by the network interface, the network sniffer tool sets the interface to "promiscuous" mode. In normal mode, the network interface only receives data frames whose destination MAC address is the interface's own MAC address. Only in promiscuous mode does the interface listen to all the data frames transferred on the network, regardless of whether the destination address of a frame is the broadcast address or the address of another network interface. The sniffer tool then uses the corresponding protocol analyzers to analyze the captured frames in real time and restore the data carried in each one.
Note that a network sniffer tool can only listen to data frames that are delivered to its own network interface within the same physical network. It can therefore monitor all the data in a broadcast LAN built with a hub. In networks built with switches and routers, it cannot hear data frames that are sent to and from other network interfaces rather than to its own. On a switch that supports port mirroring, a mirror operation can copy the frames sent and received by other network interfaces to a listening (mirror) port; connecting the network sniffing device or sniffing host to that mirror port makes it possible to monitor the other ports of the switch.
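The difference between a hub, a switch and a switch with port mirroring can be seen in a small simulation. This is an added example, not code from the original article; the port numbers, MAC addresses and the choice to mirror every port to one monitoring port are assumptions made for the illustration.

```python
# Added illustration (not from the original article): which frames reach a
# sniffer's port on a hub, a learning switch, and a switch with port mirroring.
# Port numbers and MAC addresses are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame to every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return {p for p in self.ports if p != in_port}


class Switch(Hub):
    """Learning switch: known unicast goes to a single port only."""

    def __init__(self, ports, mirror_to=None):
        super().__init__(ports)
        self.mac_table = {}          # MAC address -> port it was last seen on
        self.mirror_to = mirror_to   # optional monitoring (mirror) port

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port            # learn the sender's location
        if dst == BROADCAST or dst not in self.mac_table:
            out = super().forward(in_port, src, dst)   # flood to all ports
        else:
            out = {self.mac_table[dst]} - {in_port}
        if self.mirror_to is not None and in_port != self.mirror_to:
            out.add(self.mirror_to)              # copy traffic to the monitor
        return out


def frames_seen(device, traffic, sniffer_port):
    """Count frames delivered to sniffer_port (its NIC is promiscuous)."""
    return sum(sniffer_port in device.forward(*frame) for frame in traffic)


# Constructed traffic: hosts A (port 1) and B (port 2) talk; sniffer on port 3.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
TRAFFIC = [(1, A, BROADCAST), (2, B, A), (1, A, B), (2, B, A), (1, A, B)]

if __name__ == "__main__":
    for name, dev in [("hub", Hub([1, 2, 3])),
                      ("switch", Switch([1, 2, 3])),
                      ("switch + mirror", Switch([1, 2, 3], mirror_to=3))]:
        seen = frames_seen(dev, TRAFFIC, 3)
        print(f"{name}: sniffer sees {seen} of {len(TRAFFIC)} frames")
```

On the plain switch the sniffer port still receives the broadcast frame, which is why a switched port is not silent even though the unicast conversation between A and B never reaches it.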
2. Network Sniffing Tools
Network sniffing tools are divided into two kinds: software and hardware.
(1) Network sniffing software
The main ones are Wireshark, Sniffer Pro, OmniPeek, NetXRay and so on.
Advantages: convenient security configuration, easy to learn and use, and also easy to communicate.
Disadvantages: they cannot capture all the data frames on the network, and in a few cases they cannot give a true picture of network faults and operating conditions.
[Figure: Wireshark's main interface]
(2) Network sniffing hardware equipment
The hardware used for network sniffing is usually a dedicated network protocol analysis device, and it is more expensive. However, it can capture the various data frames on the network and so provide complete network fault diagnosis and analysis functions.
Network attackers often use network sniffing software, or the network sniffing function of a Trojan horse, to sniff and analyze the data transmitted by the target host.
3. Prevention of network sniffing
Network sniffing tools usually steal sensitive information by obtaining plaintext data from packets. We can therefore use hardware and software with encryption functions to encrypt the data transmitted over the network and so protect it in transit. VPN, SSL, SSH and other encrypted transmission devices and technologies can effectively prevent sniffing by network sniffer tools.
Physical or logical isolation using network equipment can also prevent the disclosure of information. For example, the VLAN function of a switch logically isolates the data transmitted in one VLAN from that in another. By dividing a switch into different VLANs, a network sniffer tool can only sniff the data within a single VLAN, which reduces the range of network data that can be sniffed.
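Because a sniffer has to put its network interface into promiscuous mode, as described in section 1, a defender can check the hosts they administer for interfaces in that state. The following is an added example, not part of the original article: it assumes a Linux host, where the kernel exposes each interface's flags under /sys/class/net, and the sample flag values are constructed.

```python
# Added example (not from the original article): find Linux interfaces that
# are in promiscuous mode by reading the kernel's per-interface flags.
import os

IFF_PROMISC = 0x100  # "receive all frames" flag, as defined in <linux/if.h>
SYSFS_NET = "/sys/class/net"


def parse_flags(text):
    """Parse the hex string found in /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)


def read_interface_flags(root=SYSFS_NET):
    """Return {interface: flags}; empty if sysfs is unavailable (non-Linux)."""
    result = {}
    if not os.path.isdir(root):
        return result
    for name in sorted(os.listdir(root)):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                result[name] = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # entry is not a device, or the interface vanished
    return result


def promiscuous_interfaces(flag_map):
    """Names of interfaces whose flags include IFF_PROMISC."""
    return [name for name, flags in flag_map.items() if is_promiscuous(flags)]


# Constructed sample values: eth0 in normal mode, eth1 with a capture running.
SAMPLE = {"lo": parse_flags("0x9"), "eth0": parse_flags("0x1003"),
          "eth1": parse_flags("0x1103")}

if __name__ == "__main__":
    live = read_interface_flags() or SAMPLE
    for iface in promiscuous_interfaces(live):
        print(f"{iface}: promiscuous mode is enabled")
```

Interfaces that belong to a bridge or to a legitimate monitoring host also carry this flag, so a hit is a reason to find out which process or configuration set it. The check only covers the host it runs on and says nothing about other machines on the network.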
P.S.:
For any network sniffing software you search for and download, downloading from the official website is recommended; for paid software, you can choose to use a domestic cracked version.
How to become a hacker (cyber security Practitioner)--cyber attack technology (2/8 network sniffing)