Sniffing

Welcome to the Sniffing module. This note will guide you thru all the methodologies that I used while preparing for the CEH (Practical) exam.

Introduction

Packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass thru a computer network, regardless of how the packet is addressed. In this way, every packet, or a defined subset of packets, may be gathered for further analysis. You, as a network administrator, can use the collected data for a wide variety of purposes, like monitoring bandwidth and traffic.

A packet sniffer, sometimes called a packet analyzer, is composed of two main parts. First, a network adapter that connects the sniffer to the existing network. Second, software that provides a way to log, see, or analyze the data collected by the device.

WireShark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named "Ethereal," the project was renamed "Wireshark" in May 2006 due to trademark issues.

I can't stress how much you need to learn Wireshark. Since this wireshark is very important from an exam point of view. So, please learn. You can Google stuff online. There are tons of video tutorials for Wireshark.

How to analyze the packets
Learn to analyze the list of IPs that had DDos attacks.
Learn to find sensitive data in the HTTP flow.

PreviousSteganography NextSQL Injection

Last updated 2 years ago