Chapter 5. Sniffing and Spoofing
Network sniffing helps you understand which users are using services you can exploit, and IP spoofing can be used to poison a system's DNS cache, so that all their traffic is sent to a man in the middle (your designated host, for instance), as well as being an integral part of most e-mail phishing schemes. Sniffing and spoofing are often used against the Windows endpoints in the network, and you need to understand the techniques that the bad guys are going to be using:
- Sniffing Network Traffic: There are many tools to sniff network traffic but they all work on the same principle. All TCP/IP packets are readable by your Network Interface Card (NIC). There are hundreds of protocols and thousands of TCP/IP ports. It is safe to say that you will not have to learn about all of them, but you will probably learn about a dozen.
- Spoofing Network Traffic: The TCP/IP system is trusting. The general assumption underlying the way networks work is one of...
