📘 Packet Sniffing and Spoofing — Exam Notes (Network Security)
🔐 1. Definition
🔹 Packet Sniffing
Packet sniffing is a technique where an attacker or tool captures and monitors data packets traveling over a network.
👉 Simple idea:
It is like “listening to network traffic” to see what data is being sent.
🔹 Spoofing
Spoofing is a type of attack where an attacker pretends to be a trusted user, device, or system by falsifying identity information.
👉 Simple idea:
It is like “impersonating someone else” in a network.
🎯 2. Objectives of These Attacks
Packet Sniffing:
- Capture sensitive information
- Monitor network traffic
- Analyze communication patterns
Spoofing:
- Gain unauthorized access
- Steal data or credentials
- Bypass security controls
🦠 3. Packet Sniffing in Detail
🔹 How It Works:
- Attacker connects to a network
- Uses sniffing tools
- Captures packets flowing through the network
- Extracts useful data
🔹 Types of Sniffing
1. Passive Sniffing
- Only listens to traffic
- Hard to detect
- Works in shared networks
2. Active Sniffing
- Manipulates network traffic
- Used in switched networks
🔹 Common Sniffing Tools
- Wireshark
- Tcpdump
- Network analyzers
⚠️ 4. Spoofing in Detail
🔹 Types of Spoofing
1. IP Spoofing
- Fake IP address is used
- Used in DoS/DDoS attacks
2. MAC Spoofing
- Changes device MAC address
- Bypasses network filters
3. Email Spoofing
- Fake sender email address
- Used in phishing attacks
4. DNS Spoofing
- Fake DNS responses redirect users to malicious sites
5. ARP Spoofing
- Links attacker’s MAC address with victim’s IP
- Enables Man-in-the-Middle (MITM) attacks
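A defender-side check for the ARP spoofing pattern above, added here as an example that is not part of the original notes: it parses ARP frames and flags any IP address whose claimed MAC address changes. The frames, addresses and function names are constructed for illustration; in practice the frames would come from a capture made with a tool such as Tcpdump or Wireshark.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return fmt_mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def detect_arp_conflicts(frames):
    """Return (ip, previous_mac, new_mac) for every IP whose claimed MAC changes."""
    bindings, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if ip == "0.0.0.0":      # ARP probe: sender IP unset, no binding claimed
            continue
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ip, previous, mac))
        bindings[ip] = mac
    return alerts

def sample_frame(oper, smac, sip, tmac, tip):
    """Build a constructed ARP frame (test input only, nothing is sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    addr = lambda a: bytes(int(p) for p in a.split("."))
    header = raw(tmac) + raw(smac) + b"\x08\x06"
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return header + body + raw(smac) + addr(sip) + raw(tmac) + addr(tip)

# Constructed capture: addresses are documentation/locally administered values.
GW, HOST = "192.0.2.1", "192.0.2.10"
SAMPLE = [
    sample_frame(2, "02:00:00:00:00:01", GW, "02:00:00:00:00:0a", HOST),
    sample_frame(2, "02:00:00:00:00:0a", HOST, "02:00:00:00:00:01", GW),
    sample_frame(2, "02:00:00:00:00:66", GW, "02:00:00:00:00:0a", HOST),  # conflicting claim
]

if __name__ == "__main__":
    for ip, old, new in detect_arp_conflicts(SAMPLE):
        print(f"ALERT {ip} moved from {old} to {new}")
```

A changed binding is a signal to investigate, not proof of an attack: a replaced network card or a failover between redundant gateways also changes the MAC address behind an IP.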
🧱 5. Difference Between Sniffing and Spoofing
| Feature | Packet Sniffing | Spoofing |
|---|---|---|
| Purpose | Capture data | Fake identity |
| Action | Passive monitoring | Active attack |
| Effect | Data leakage | Unauthorized access |
| Visibility | Hard to detect | May be detectable |
🛡️ 6. Prevention of Packet Sniffing
- Use encryption (HTTPS, SSL, VPN)
- Use secure Wi-Fi (WPA3)
- Avoid public unsecured networks
- Use switched networks instead of hubs
- Monitor network traffic
🛡️ 7. Prevention of Spoofing
- Use strong authentication (MFA)
- Enable IP and MAC filtering
- Use firewalls and IDS/IPS
- Implement DNSSEC for DNS protection
- Encrypt communication channels
🔑 8. Security Principle
🔸 Encryption Rule
If Data is Encrypted → Sniffing becomes useless
👉 Encryption is the best defense against sniffing.
🖼️ 9. Diagram Descriptions
📌 Packet Sniffing
- Network traffic → Sniffer tool → Captured packets
📌 IP Spoofing
- Attacker → Fake IP → Target system
📌 ARP Spoofing (MITM)
- Attacker inserted between sender and receiver
🧾 10. Real-Life Examples
- 📡 Wi-Fi sniffing in public networks
- 📧 Fake emails pretending to be banks
- 🌐 Redirecting users to fake websites
- 🏢 Internal network attacks using ARP spoofing
📝 Likely Exam Questions
- Define packet sniffing and spoofing.
- Differentiate between sniffing and spoofing.
- Explain types of packet sniffing.
- What is IP spoofing and ARP spoofing?
- How does packet sniffing work?
- What are tools used for sniffing?
- Explain DNS spoofing with example.
- What are the risks of spoofing attacks?
- How can sniffing attacks be prevented?
- Write short notes on:
  - MAC spoofing
  - Email spoofing
  - Man-in-the-Middle attack
📌 Quick Summary / Conclusion
- Packet sniffing captures network data packets.
- Spoofing fakes identity to gain unauthorized access.
- Sniffing is mostly passive; spoofing is active.
- Both are serious threats to network security.
- Encryption, authentication, and secure protocols are key defenses.
👉 In short:
Sniffing steals data by listening, while spoofing steals identity by pretending to be someone else.