Attacks on network
• Sniffing is the process of gathering traffic from a network by capturing the data as it
passes and storing it to analyze later.
• Sniffers are used to capture traffic sent between two systems. Depending on how the
sniffer is used and the security measures in place, a hacker can use a sniffer to discover
usernames, passwords, and other confidential information transmitted on the network.
• It is a passive process.
ARP Poisoning: Man in the Middle Attack
• The concept of ARP Poisoning (or ARP spoofing) is to set up a man-in-the-middle
attack that allows the attacker to insert himself into the communications stream between
the victim and the victim’s intended communications recipient.
• It involves sending bogus ARP requests to the network device so outbound traffic will
be routed to the attacker.
• A hacker uses the concept of ARP Poisoning to redirect all the network traffic to the
sniffer device and get all the usernames and passwords sent in the network.
• DNS spoofing (or DNS poisoning) is a technique that tricks a DNS server into believing
it has received authentic information when in reality it hasn’t.
• When a user requests a certain website URL, the address is looked up on a DNS server
to find the corresponding IP address. If the DNS server has been compromised, the user
is redirected to a website other than the one that was requested, such as a fake website.
Countering the Network Attacks
• Generally, a client user is not really the person responsible for securing the network; that is
part of network administration.
• However, the user is still the one who will be directly or indirectly affected by the Network
Trace Your Server
• Trace your server to check if there is an unreliable device in between your computer and your
• Command: Tracert ServerIP
Check the Network Connections
• A User must check the network connections which his computer has made to outer
• Command: netstat -a
• Or you can use TCPView to check the network connection details.
Checking the ARP Table
• ARP is Address Resolution Protocol, which converts the IP Address of a device to its
• Use the command “arp -a” to check the ARP table for your computer, and you can
easily detect the MITM Attack.
Rayat Institute of Engineering and Information Technology, Railmajra, Near Ropar (Chandigarh)