Which type of sniffing technique is generally referred as MiTM attack?

A.
Password Sniffing

B.
ARP Poisoning

C.
Mac Flooding

D.
DHCP Sniffing

Show Hint

← Previous question

Next question →

Leave a Reply 21

AnonymousToo

Think this should be B???

Buz

I do agree! B is the good one for me too!

Husain

B)ARP Poisoning

leo

definately B.

mkdccie

C will be correct as no GW here, and MAC flooding will make the SW act as Hub.
So attacker will have a copy of all the traffic.

Eddie Guerrero

Mkdccie, It has to be B! You spoof 2 targets (arpspoof -t {IP of victimA} {IP of victimB} and vice versa) telling each victim your attacking machine is the other victim. Then turn on forwarding on your attacking machine (echo > 1 /proc/sys/net/ipv4/ip_forward) so you play traffic between victims through your attacking machine, ala MiTM when you Arp Spoof. Try this on VMWARE with 1 linux and 2 windows, put the setups in BRIDGED mode you will see.

Mac Flooding you use to “pop” a switch into hub mode by overwheming the CAM table of a switch. You haven’t man in the middle’d with Mac flooding.

Poonam

Really like the explanation…. thanks!!!!

Felipe

No, it isn’t.
Correct answer is B. Compare with other exams:

http://snag.gy/kgRZC.jpg

RealBanda

he gut feeling is B but good point made by mkdccie

RealBanda

I also think it should be C because ARP poisoning finally leads to pretend to be someone and fool the other corner thus not sniffing. But on the other hand MAc flooding leads to switch to working like a hub and that means any one can sniff the network.

RealBanda

Sorry guys for the above explanation I finally figured it out that the answer should be B.
Because in the question it is asking which sniffing technique is generally referred as mitm attack, not only it should be just sniffing but should be also MiTM attack. So to poison ARP table you should sniff the packets before you spoof the intended IP and update ARP table with your MAC address. So after sniff you finally acting as a Man-in-the-Middle. 😀

MAC flooding is a way to achieve ARP Poisoning, correct? so which answer is more correct?

I say if this is a single/local switch then MAC flooding, if not then ARP Poisoning!

also not it says “Mac” not “MAC”, so that may leave us with the answer.

hannah

I think what mkdccie says: is correct. As there is no router is present the answer will be C: MAC Flooding.

juju

I think Mac Flooding it’s not a sniffing technique (you don’t need sniff nothing for do that), but ARP Poisoning need to sniff the Mac address of both sides. For this reason I think the correct response it’s “B. ARP Poisoning”.

The question is asking for the technique that is GENERALLY used in MiTM attacks. We all know that its ARP Poisoning.

juju

BTW, this question was on my exam today (CEH v7).

Azuris

ARP poisoning and Mac flooding both use ARP spoofing techniques.

Lets dissect each at a time:

ARP poisoning uses spoofed ARP’s which confuses the switch into mistakenly send frames intended for a machine to a different machine.

MAC flooding uses spoofed ARP’s to flood a switch with fake “spoofed addresses” turning it into a hub.Its then very easy for an attacker to listen to each and every frame passing by. 🙂

From the above:Its obvious, MAC flooding is the closest answer

manto

Felipe

Hi Admin.

This answer is wrong. The correct answer is B: ARP Poisoning.
You can check with other exams:

http://snag.gy/kgRZC.jpg

Please, don’t confuse people and change it.

It is definately B, no doubt. C is a sniffing attack BUT NOT A MITM ATTACK. Reason being with C, the correct machine is still getting the frame, but with ARP poisoning only the attacker gets the frame, so they are free to forward it on to the intended recipient.