2. Introduction
• Password sniffing is an attack on the Internet that is
used to steal user names and passwords from the
network.
• This often happens on public WIFI networks where
it is relatively easy to spy on weak or unencrypted
traffic.
2
3. How it Works?
• Sniffer - is a software or hardware tool
• Password sniffing is a type of man-in-the-middle (MITM) cyber attack.
• The hacker is the “man in the middle” between your computer and the remote
database you are trying to access
• password sniffing targets remote databases.
3
5. Passive Sniffing
• Passive sniffing works with hubs.
• all devices in a hub receive all the
network’s traffic, a sniffer can easily and
passively soak up everything that’s being
sent.
5
6. Active sniffing
• This sniffing is carried out through
Switch.
• attacker tries to poison the switch by
sending bogus MAC address
6
8. Prevention
• Not to do anything on a public WI-FI
network.
• Not expose yourself and private
information to open networks.
• Use VPN.
• Install antivirus software.
• Avoid HTTP logins.
8
9. Reference
RF Wireless World. Difference between active sniffing and passive sniffing.
(n.d.). Retrieved March 6, 2022, from https://www.rfwireless-
world.com/Terminology/Difference-between-active-sniffing-and-passive-
sniffing.html
9
Password sniffing is also a type of hacking. In which a software application is used to steal username and password simply by observing and passively recording network traffic. This is often happens in the public wifi where it is easy to spy on the weak traffic. Today, it is mostly historical interest as most protocols nowadays use strong encryption for password. However it used to be the worst security problem on the internet in the 1990s. When news of major password sniffing are almost weekly.
Password sniffing attack is typically done by the implementing a password sniffer on a LAN. By accessing computer that connected in this network it can be done. Sniffer can be software or hardware that is implemented on the network where hacker have to sniff. It is a small program that listen all the traffic in the attached network and extract the user name and password from the data flow of TCP/IP packets. It just like man in the middle attack. It plays role of man in the middle between your computer and the remote database.
Attacker does not directly interact with the target. They simply hook on the network and capture all the transmitted and received packets by the networks. It is carried out through through hub. But on thing is that atracker and target should be connected in the same host.
In this sniffing, attacker directly interact with the targeted machine by sending packets and receiving responds. It is basically done through the switch. Attackers aims to infect the switches by transmitting false MAC address. ARP sppfing , Mac Flooding are examples.
It can be used as both criminal and legal use. For legal use of the sniffing software, as an example, It professional also use snfiing softarw to find out he weak application which may transmiting critical imformation with out encryption. It is also used for ethical hacking.
And for criminal use It can be used by the attacker for their personal benefits. / organizational benefits.