Skip to content
CEH Practical Guide

📩 Sniffing

Sniffing is a technique used to monitor network traffic and gather information about the data being transmitted.

It can be used for various purposes, including network analysis, troubleshooting, and security assessments.

Active sniffing

Section titled “Active sniffing”

Active sniffing is done by sending packets to the network to elicit responses from devices.

This can help identify devices, protocols, and services running on the network.

macof macof is a tool that generates random MAC addresses and sends them to the network to flood the ARP cache of switches.
yersinia Yersinia is a network attack tool that can be used to exploit vulnerabilities in various network protocols.
arpspoof arpspoof is a tool that can be used to intercept network traffic by sending ARP replies to devices on the network.
Cain Cain is a password recovery tool that can be used to sniff network traffic and recover passwords.
Technitium MAC Address Changer Technitium MAC Address Changer is a tool that can be used to change the MAC address of a network interface on Windows.
macchanger macchanger is a tool that can be used to change the MAC address of a network interface for Linux.

Passive sniffing

Section titled “Passive sniffing”

Passive sniffing is done by monitoring network traffic without actively sending packets.

This can be done using network taps, port mirroring, or by using a network interface in promiscuous mode.

tcpdump tcpdump is a command-line packet analyzer that can be used to capture and analyze network traffic.
Omnipeek Network Analyzer Omnipeek is a network analysis tool that can be used to capture and analyze network traffic.
Scapy Scapy is a Python-based interactive packet manipulation program and library.

Wireshark

Section titled “Wireshark”

Wireshark is a popular tool for passive sniffing and can capture and analyze network traffic.

tcp.port eq 25 or icmp


tcp.window_size == 0 && tcp.flags.reset != 1


http.request.uri matches "gl=se$"


udp contains 81:60:03
Official website
Official guide for DisplayFilters
Cheat sheet 1
Cheat sheet 2

Sniffing detection

Section titled “Sniffing detection”

Sniffing can be detected by monitoring network traffic for unusual patterns or by using intrusion detection systems (IDS).

Capsa Free Capsa Free is a network analyzer that can be used to monitor network traffic and detect sniffing.