Promiscuous mode – the network card captures all the traffic it receives, even when the device is not the destination. Not all wireless adapters allow promiscuous mode. Monitor mode is not the same as promiscuous mode.
WinPcap – Open source library for packet capture
Wireshark – Application for sniffing and displaying packets
Passive sniffing – using hub, tap, span
Active sniffing – uses an attack to receive all the traffic: ARP spoofing, MAC flooding, MAC duplication. Noisy, so an IDS is likely to detect it
Spanning – Forward traffic of one port to another port
Tapping – Put a device in the middle of a channel to tap the communication and forward it to the sniffer
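- Capture filter – Applied while capturing; packets that do not match the filter won't be captured
- Display filter – Applied after capture; only filters what is visualized, the captured packets are kept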
Capture filter examples:
- host 172.24.1.1
- port 67
- tcp port 25
- ether host xx:xx:xx:xx:xx:xx
- not ether host xx:xx:xx:xx:xx:xx
- wlan host xx:xx:xx:xx:xx:xx

Display filter examples:
- ip.addr == x.x.x.x/X
- !ip.addr == x.x.x.x/X
- tcp.analysis.flags
- wlan.fc.type_subtype == 8
- http.response.code > 399
- ftp.response.arg == "Login incorrect"