Sniff traffic

Depending on the network topology, there are many ways of gaining read-access to a network to conduct passive attacks. The most common method compromises a general purpose operating system on the segment and installs sniffer software that puts a network interface card in promiscuous mode and captures traffic. ARP/MAC spoofing may be necessary to sniff traffic on switched networks.


Attack:

1. Gain local network access to a segment (OR)

1.1 Compromise server (AND)
1.2 Install and use sniffing software such as tcpdump or wireshark

2 Tap physical medium (OR)

3 Redirect traffic through a compromised host