WEBVTT

0
00:01.450 --> 00:08.230
In this lecture we'll talk about packet sniffing or analyzing, which are essential when it comes to

1
00:08.230 --> 00:15.790
networking in general and information security in particular. When someone wants to send an email

2
00:15.880 --> 00:19.080
or another piece of information on the network,

3
00:19.240 --> 00:27.350
that information is segmented and encapsulated into individual packets that are sent over the network.

4
00:27.400 --> 00:34.990
Normally an end user does not see individual packets, but the final application data, like the web page

5
00:35.050 --> 00:43.220
you are seeing right now. At the destination the network packets are reassembled back into the complete

6
00:43.220 --> 00:51.980
web page or email. Packet sniffing or packet analyzing is the process of capturing any packets passed

7
00:52.040 --> 00:58.080
over the local network and looking for any information that may be useful.

8
00:58.100 --> 01:05.720
Most of the time system administrators use packet sniffing to troubleshoot network problems or to detect

9
01:05.780 --> 01:12.900
intrusions or compromised workstations like a workstation that is connected to a remote machine and

10
01:12.910 --> 01:15.170
is sending data continuously.

11
01:15.740 --> 01:23.900
However, black hat hackers could find creative ways to sniff packets using a Man in the Middle (MITM) attack like

12
01:23.930 --> 01:29.030
ARP spoofing in order to steal sensitive data that is passed over the network.

13
01:29.240 --> 01:36.710
When traffic is captured either the entire contents of the packets are recorded or just the headers.

14
01:37.160 --> 01:37.850
Note that

15
01:37.850 --> 01:42.120
most of the time packet sniffing is a passive technique.

16
01:42.170 --> 01:49.910
The hacker is not attacking any computer; he's just eavesdropping on the conversation the victim

17
01:49.910 --> 01:53.070
has with its default gateway. To sniff traffic

18
01:53.120 --> 02:00.380
someone has to use a special application called a packet analyzer or packet sniffer that can intercept

19
02:00.470 --> 02:05.690
and log traffic that passes over the network or a part of it.

20
02:05.720 --> 02:13.130
There are many applications available, but one of the favourites is a free, open source and multi-platform

21
02:13.190 --> 02:16.100
application called Wireshark.

22
02:16.100 --> 02:24.730
It works in graphical mode. There are also command line tools for sniffing packets, tshark and tcpdump

23
02:24.740 --> 02:33.210
being among the most used ones. That was just a short introduction to packet sniffing and in the

24
02:33.210 --> 02:39.990
next lectures we'll dive deeper into the applications that are used for packet sniffing and analyzing.