Which of the following is a software tool used in passive attacks for capturing network traffic?
A. Sniffer
B. Intrusion detection system
C. Intrusion prevention system
D. Warchalking
Explanation:
A sniffer is a software tool that is used to capture network traffic. Because a sniffer puts the
network interface card (NIC) into promiscuous mode, the NIC begins to record incoming and outgoing data
traffic across the network. A sniffer attack is a passive attack because the attacker does not
directly connect with the target host. This attack is most often used to grab logins and passwords
from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, and Dsniff are some good
examples of sniffers. These tools provide many facilities to users, such as a graphical user interface,
traffic statistics graphs, and multiple-session tracking.
Answer option C is incorrect. An intrusion prevention system (IPS) is a network security device
that monitors network and/or system activities for malicious or unwanted behavior and can react,
in real-time, to block or prevent those activities. When an attack is detected, it can drop the
offending packets while still allowing all other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software
application that monitors network and/or system activities for malicious activities or policy
violations and produces reports to a Management Station. Intrusion prevention is the process of
performing intrusion detection and attempting to stop detected possible incidents. Intrusion
detection and prevention systems (IDPS) are primarily focused on identifying possible incidents,
logging information about them, attempting to stop them, and reporting them to security
administrators.
Answer option D is incorrect. Warchalking is the drawing of symbols in public places to advertise
an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special
symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking
is derived from the cracker terms war dialing and war driving.