Thursday, October 9, 2008

Active Sniffing vs. Passive Sniffing

Passive: No packet is generated by the tool. It just sits there and captures all the packets.

Active sniffers, on the other hand, generate some spoofed packets as well as capturing the authentic packets. For example, malicious Ethernet packets generated using libnet will force the switch to learn, in a spanning tree algorithm, that the machine with MAC address X (X being the address used by the active sniffer) is located on that specific port.
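
From the defender's side, the switch behaviour described above shows up as one MAC address being learned on more than one port in quick succession. The following is an added example, not code from the original post, that flags such moves in a constructed log; the log format, the name `find_mac_flaps` and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a made-up format (not any vendor's real syslog).
SAMPLE_LOG = """\
2008-10-09T10:00:00 learn mac=00:11:22:33:44:55 vlan=10 port=Gi0/1
2008-10-09T10:00:01 learn mac=00:aa:bb:cc:dd:ee vlan=10 port=Gi0/2
2008-10-09T10:00:05 learn mac=00:11:22:33:44:55 vlan=10 port=Gi0/7
2008-10-09T10:00:06 learn mac=00:11:22:33:44:55 vlan=10 port=Gi0/1
2008-10-09T10:00:09 learn mac=00:11:22:33:44:55 vlan=10 port=Gi0/7
2008-10-09T11:30:00 learn mac=00:aa:bb:cc:dd:ee vlan=10 port=Gi0/3
"""

LINE_RE = re.compile(
    r"^(\S+) learn mac=([0-9a-f:]{17}) vlan=(\d+) port=(\S+)$", re.IGNORECASE)


def find_mac_flaps(log_text, window=timedelta(seconds=30), min_moves=2):
    """Return {(vlan, mac): [ports]} for MACs that changed port at least
    min_moves times within `window` (a stable host rarely moves at all)."""
    last_port = {}                  # (vlan, mac) -> port it was last learned on
    moves = defaultdict(deque)      # (vlan, mac) -> timestamps of recent moves
    ports = defaultdict(set)        # (vlan, mac) -> ports involved in any move
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # ignore lines that are not learn events
        ts = datetime.fromisoformat(m.group(1))
        key = (int(m.group(3)), m.group(2).lower())
        port = m.group(4)
        previous = last_port.get(key)
        last_port[key] = port
        if previous is None or previous == port:
            continue                # first sighting, or refresh on the same port
        moves[key].append(ts)
        ports[key].update((previous, port))
        while ts - moves[key][0] > window:
            moves[key].popleft()    # drop moves that fell out of the window
        if len(moves[key]) >= min_moves:
            flagged[key] = sorted(ports[key])
    return flagged


if __name__ == "__main__":
    for (vlan, mac), where in find_mac_flaps(SAMPLE_LOG).items():
        print(f"VLAN {vlan}: {mac} is flapping between {', '.join(where)}")
```

The second MAC in the sample moves once, well over an hour later, which looks like a host being re-plugged and is not flagged at the default threshold.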

All of the AirPcap adapters can operate in a completely passive mode. This means that they can capture the traffic on a channel without associating with an access point, or interacting with any other wireless device.

