I am confused about some basic facts about Packet Sniffing and Spoofing:
Q1: Are they both types of programs written... to run on the internet?
Q2: Do both interfere with TCP/IP traffic?
Q3: Would you describe spoofing as deception and sniffing as interception?

To start with, there are two common types of Internet security breaches, sniffing and spoofing.
Sniffing is the act of intercepting and inspecting data packets using sniffers (software or hardware devices) over the Net. Sniffing is a passive security attack in which a machine separated from the intended destination reads data on a network. These passive security attacks are those that do not alter the normal flow of data on a communication link or inject data into the link, but lead to leakages of different kinds of information like: passwords, financial figures, confidential/sensitive data and low-level protocol information. Sniffing is considered the virtual counterpart of shoulder surfing. Sniffers are also used as a troubleshooting tool by network administrators.
On the other hand, spoofing is the act of identity impersonation. IP spoofing is the technique used by intruders to gain access to a network by sending messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker uses a variety of techniques to find an IP address of a trusted host and then modifies the packet headers so that it appears that the packets are coming from that host. As IP is connectionless, routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address, which is only used by the destination machine when it responds back to the source. This makes it much easier for an attacker to forge the identity by modifying the IP packets and becoming a part of the destination network. However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing). With the current IP protocol technology, it is impossible to eliminate IP-spoofed packets. There are solutions available, but discussing them would be out of the scope of your question.
Hope this answers all your questions. If you need more information, please feel free to write back to me. -Puneet
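
The two ideas in the answer above, as an added example that is not part of the original post: a sniffer only decodes header fields it passively reads, and because the source address is whatever the sender wrote, a border device can compare it with the interface the packet arrived on. The 10.0.0.0/8 internal range, the interface labels and all function names are assumptions made for illustration, and the packets are constructed samples.

```python
import ipaddress
import struct

# Assumption (hypothetical site layout): the internal LAN is 10.0.0.0/8.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
IPV4_FIXED = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed IPv4 header, as a sniffer does for each captured packet."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_FIXED, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "src": ipaddress.IPv4Address(src),  # sender-supplied, not verified in transit
        "dst": ipaddress.IPv4Address(dst),  # the field routers forward on
        "ttl": ttl, "proto": proto, "total_len": total_len,
    }

def ingress_verdict(raw: bytes, arrived_on: str) -> str:
    """Return 'drop' when the claimed source cannot belong to the arrival side."""
    src = parse_ipv4_header(raw)["src"]
    if arrived_on == "external" and src in INTERNAL_NET:
        return "drop"    # claims to be an internal host but came from outside
    if arrived_on == "internal" and src not in INTERNAL_NET:
        return "drop"    # a LAN host claiming an address that is not ours
    return "accept"

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte header for the checks below (checksum left at 0)."""
    return struct.pack(IPV4_FIXED, 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    cases = [
        ("203.0.113.7", "10.0.0.5", "external"),   # ordinary inbound packet
        ("10.0.0.9", "10.0.0.5", "external"),      # internal source seen outside
        ("198.51.100.9", "203.0.113.7", "internal"),
    ]
    for src, dst, side in cases:
        pkt = sample_header(src, dst)
        print(side, parse_ipv4_header(pkt)["src"], ingress_verdict(pkt, side))
```
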