Which of the following applications captures network packets as they traverse a network and
displays them to the attacker?
A. Keylogger
B. Sniffer
C. Key fob
D. Protocol analyzer
Explanation:
A sniffer is a software tool that is used to capture any network traffic. Because a sniffer puts the
NIC into promiscuous mode, the NIC begins to record incoming and outgoing data traffic
across the network. A sniffer attack is a passive attack because the attacker does not directly
connect with the target host. This attack is most often used to grab logins and passwords from
network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, and Dsniff are some good examples
of sniffers. These tools provide many facilities to users, such as a graphical user interface, traffic
statistics graphs, multiple-session tracking, etc.

Answer D is incorrect. A protocol analyzer for particular types of networks is computer software or
computer hardware that can intercept and log traffic passing over a digital network or part of a
network. As data streams flow across the network, the protocol analyzer captures each packet and,
if needed, decodes and analyzes its content according to the appropriate RFC or other specifications.

Answer A is incorrect. A keylogger is a software tool that traces all or specific activities of a user on a
computer. Once a keylogger is installed on a victim’s computer, it can be used for recording all
keystrokes on the victim’s computer in a predefined log file. An attacker can configure a log file in
such a manner that it can be sent automatically to a predefined e-mail address. Some of the main
features of a keylogger are as follows:
It can record all keystrokes.
It can capture all screenshots.
It can record all instant messenger conversations.
It can be remotely installed.
It can be delivered via FTP or e-mail.

Answer C is incorrect. Key fobs are security devices used by telecommuters to provide one part of a
three-way match for a user to log on to a secured network. These are display-only devices that algorithmically generate security codes as part of a
challenge/response authentication system. This code usually changes very quickly and is used with
the PIN for authentication.