Understanding MITM and packet sniffing attacks
When connected on a network, whether it's wired or wireless, there are a lot of packets being sent back and forth between hosts. Some of these packets may contain sensitive and confidential information, such as usernames, passwords, password hashes, and documents, which are valuable to a penetration tester. While there are many secure network protocols that provide data encryption, there are many unsecure network protocols that transmit data in plaintext.
While networking technologies have evolved over time, this is not the case for many network protocols with the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. There are many applications and services that operate on a client-server model that sends sensitive data in plaintext, allowing a penetration tester to both intercept and capture such data. Capturing user credentials and password hashes will allow you to easily gain access to clients and servers...
