Which type of sniffing technique is generally referred to as a MiTM attack?
A. Password Sniffing
B. ARP Poisoning
C. Mac Flooding
D. DHCP Sniffing
Think this should be B???
I do agree! B is the good one for me too!
B) ARP Poisoning
Definitely B.
C will be correct as no GW here, and MAC flooding will make the SW act as Hub.
So attacker will have a copy of all the traffic.
Mkdccie, it has to be B! You spoof 2 targets (arpspoof -t {IP of victimA} {IP of victimB} and vice versa), telling each victim your attacking machine is the other victim. Then turn on forwarding on your attacking machine (echo 1 > /proc/sys/net/ipv4/ip_forward) so you play traffic between victims through your attacking machine, à la MiTM when you ARP spoof. Try this on VMWARE with 1 Linux and 2 Windows, put the setups in BRIDGED mode and you will see.
Mac Flooding you use to “pop” a switch into hub mode by overwhelming the CAM table of a switch. You haven’t man in the middle’d with Mac flooding.
Really like the explanation…. thanks!!!!
No, it isn’t.
Correct answer is B. Compare with other exams:
http://snag.gy/kgRZC.jpg
The gut feeling is B, but good point made by mkdccie.
I also think it should be C because ARP poisoning finally leads to pretending to be someone and fooling the other corner, thus not sniffing. But on the other hand, MAC flooding leads to the switch working like a hub, and that means anyone can sniff the network.
Sorry guys for the above explanation; I finally figured out that the answer should be B.
Because the question is asking which sniffing technique is generally referred to as a MiTM attack, it should not only be sniffing but should also be a MiTM attack. So to poison the ARP table you should sniff the packets before you spoof the intended IP and update the ARP table with your MAC address. So after sniffing you are finally acting as a Man-in-the-Middle. 😀
MAC flooding is a way to achieve ARP Poisoning, correct? So which answer is more correct?
I say if this is a single/local switch then MAC flooding, if not then ARP Poisoning!
Also note it says “Mac” not “MAC”, so that may leave us with the answer.
I think what mkdccie says is correct. As there is no router present, the answer will be C: MAC Flooding.
I think Mac Flooding is not a sniffing technique (you don’t need to sniff anything to do that), but ARP Poisoning needs to sniff the MAC address of both sides. For this reason I think the correct response is “B. ARP Poisoning”.
The question is asking for the technique that is GENERALLY used in MiTM attacks. We all know that it’s ARP Poisoning.
BTW, this question was on my exam today (CEH v7).
ARP poisoning and Mac flooding both use ARP spoofing techniques.
Let’s dissect each one at a time:
ARP poisoning uses spoofed ARPs, which confuse the switch into mistakenly sending frames intended for a machine to a different machine.
MAC flooding uses spoofed ARPs to flood a switch with fake “spoofed addresses”, turning it into a hub. It’s then very easy for an attacker to listen to each and every frame passing by. 🙂
From the above: it’s obvious, MAC flooding is the closest answer.
C
Hi Admin.
This answer is wrong. The correct answer is B: ARP Poisoning.
You can check with other exams:
http://snag.gy/kgRZC.jpg
Please, don’t confuse people and change it.
It is definitely B, no doubt. C is a sniffing attack BUT NOT A MITM ATTACK. Reason being with C, the correct machine is still getting the frame, but with ARP poisoning only the attacker gets the frame, so they are free to forward it on to the intended recipient.
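Added example, not part of any comment above: a defender-side sketch of why the two techniques debated in this thread look different to a monitor. ARP poisoning appears as an IP address whose claimed MAC changes, while MAC flooding appears as one switch port sourcing many distinct MACs in a short window. The frame tuples, thresholds and function names are constructed assumptions, not output from any real tool.

```python
from collections import defaultdict

def sample_frames():
    """Constructed observations: (seconds, switch_port, src_mac, arp_sender_ip).
    arp_sender_ip is None for frames that are not ARP."""
    frames = [
        (0, 1, "aa:aa:aa:aa:aa:01", "192.0.2.10"),   # host A announces itself
        (1, 2, "aa:aa:aa:aa:aa:02", "192.0.2.20"),   # host B announces itself
        # Port 3 now claims both hosts' IPs with its own MAC (poisoning pattern).
        (5, 3, "aa:aa:aa:aa:aa:03", "192.0.2.10"),
        (6, 3, "aa:aa:aa:aa:aa:03", "192.0.2.20"),
    ]
    # Port 4 sources 300 distinct MACs within three seconds (flooding pattern).
    frames += [(10 + i // 100, 4, "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
               for i in range(300)]
    return frames

def detect(frames, mac_limit=50, window=5):
    """Return alerts for IP-to-MAC rebinding and for per-port MAC bursts."""
    ip_to_mac = {}                    # first MAC seen for each IP (the baseline)
    port_macs = defaultdict(dict)     # port -> {mac: last_seen_seconds}
    flooded = set()                   # ports already reported, to avoid repeats
    alerts = []
    for ts, port, mac, arp_ip in frames:
        if arp_ip is not None:
            known = ip_to_mac.setdefault(arp_ip, mac)
            if known != mac:
                # Same IP, different MAC: the signature of a poisoned ARP cache.
                alerts.append(("arp_rebind", arp_ip, known, mac, port))
        seen = port_macs[port]
        seen[mac] = ts
        recent = sum(1 for t in seen.values() if ts - t <= window)
        if recent > mac_limit and port not in flooded:
            # Many source MACs on one port: an attempt to fill the CAM table.
            flooded.add(port)
            alerts.append(("mac_flood", port, recent))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_frames()):
        print(alert)
```

On managed switches the same two checks are enforced in hardware by dynamic ARP inspection and by port security with a per-port MAC limit.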