SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThis paper focuses on the threat of packet sniffing in a switched environment, and briefly explores the effect in a non-switched environment. Detail is given on techniques such as 'ARP (Address Resolution Protocol) spoofing' which can allow an attacker to eavesdrop on network traffic in a switched environment. Third party tools exist which permit sniffing on a switched network. The result of running some of these tools on an isolated switched network is presented; it clearly demonstrates that the threat they pose is real and significant. The final section covers ways to mitigate the threat of network sniffing in both non-switched and switched environments. It is proposed that encryption is the only true defence to the threat of sniffing.