3.5 Network Sniffing

Network sniffing is a passive technique that monitors network communication, decodes protocols, and examines headers and payloads to flag information of interest. Besides being used as a review technique, network sniffing can also be used as a target identification and analysis technique (see Section 4.1). Reasons for using network sniffing include the following:

Capturing and replaying network traffic

Performing passive network discovery (e.g., identifying active devices on the network)

Identifying operating systems, applications, services, and protocols, including unsecured (e.g., telnet) and unauthorized (e.g., peer-to-peer file sharing) protocols

Identifying unauthorized and inappropriate activities, such as the unencrypted transmission of sensitive information

Collecting information, such as unencrypted usernames and passwords.

Network sniffing has little impact on systems and networks, with the most noticeable impact being on bandwidth or computing power utilization. The snifferthe tool used to conduct network sniffingrequires a means to connect to the network, such as a hub, tap, or switch with port spanning. Port spanning is the process of copying the traffic transmitted on all other ports to the port where the sniffer is installed.

By reviewing the above extraction, the Director of IT department has realized the significance of network sniffing in testing and assessing the network security.

You are tasked by the Director of the IT department to:

Research and find at least 2 network sniffing tools

Prepare a 1-page summary to report your findings