Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with
various connected cables from the office. Which of the following describes the type of attack that was
A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data
communications sent between devices on a network. Capturing packets sent from a computer system is known
as packet sniffing. However, packet sniffing requires a physical connection to the network. The switch hidden in
the ceiling is used to provide the physical connection to the network.

Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft
and Wireshark (formerly Ethereal).

A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local
area network that is not filtered or switched, the traffic can be broadcast to all computers in the same
segment. This doesn’t generally matter, since computers are normally told to ignore all the comings and goings
of traffic from other computers. A sniffer changes this: the sniffer software commands the Network Interface
Card (NIC) to stop ignoring that traffic. The NIC is put into promiscuous mode,
and it reads communications between computers within a particular segment. This allows the sniffer to seize
everything that is flowing in the network, which can lead to unauthorized access to sensitive data. A packet
sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.