PrepAway - Latest Free Exam Questions & Answers

Which of the following is TRUE related to network sniffing?

A.
Sniffers allow an attacker to monitor data passing across a network.

B.
Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.

C.
Sniffers take over network connections.

D.
Sniffers send IP fragments to a system that overlap with each other.

Explanation:
Packet sniffing is the process of intercepting data as it is transmitted over a network.
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local
area network that is not filtered or switched, the traffic can be broadcast to all computers in the same
segment. Normally this has no effect, because each computer ignores traffic that belongs to other computers.
A sniffer changes that: the sniffer software commands the Network Interface Card (NIC) to stop ignoring the
traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a
particular segment. This allows the sniffer to capture everything that is flowing in the network, which can lead
to unauthorized access to sensitive data. A packet sniffer can take the form of either a hardware or software
solution. A sniffer is also known as a packet analyzer.
Incorrect Answers:
B: Sniffers do not alter the source address of a computer to disguise and exploit weak authentication methods.
This describes IP spoofing.
C: Sniffers do not take over network connections. Session Hijacking tools allow an attacker to take over
network connections, kicking off the legitimate user or sharing a login.
D: Sniffers do not send IP fragments to a system that overlap with each other. This describes a Malformed
Packet attack. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are
formatted in an unexpected way. Many vendor product implementations do not take into account all variations
of user entries or packet types. If software handles such errors poorly, the system may crash when it receives
such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap
with each other (the fragment offset values are incorrectly set). Some unpatched Windows and Linux systems
will crash when they encounter such packets.

http://www.techopedia.com/definition/4113/sniffer

