Q: What is network sniffing?
A: Network sniffing is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.
Q: What is the main difference between a hub and a switch in network sniffing?
A: A hub transmits line data to each port on the machine, while a switch looks at the MAC address associated with each frame passing through it and sends the data to the required port.
Q: What can packet sniffing programs do?
A: Packet sniffing programs can capture data packets only from within a given subnet, and can capture and analyze all the network traffic if placed on a network in promiscuous mode.
Q: What are the key components of an Ethernet connection?
A: An Ethernet connection typically involves a MAC address and an IP address, where the MAC address uniquely identifies each node in a network and the IP address is used by the network layer for communication.
Q: What is the function of ARP in data transmission?
A: ARP maps IP addresses to MAC addresses, allowing devices to communicate on a local network.
Q: How does shared Ethernet differ from switched Ethernet in terms of packet transmission?
A: In shared Ethernet, all hosts share a single bus and packets meant for one machine are received by all. In switched Ethernet, a switch sends packets only to the destined machine, improving security.
Q: What is ARP spoofing?
A: ARP spoofing is a sniffing method where an attacker sends fake ARP replies to mislead machines about the gateway's MAC address, redirecting traffic through the attacker's machine.
Q: What is passive sniffing?
A: Passive sniffing involves capturing and monitoring the packets flowing in the network without sending any packets, typically used in hub environments.
Q: What is active sniffing?
A: Active sniffing searches for traffic on a switched LAN by actively injecting traffic into it, such as using ARP spoofing to capture traffic on a switched network.
Q: Name three protocols vulnerable to sniffing.
A: Telnet, HTTP, and SNMP are examples of protocols vulnerable to sniffing due to lack of encryption.
Q: What are the two main types of wiretapping?
A: The two main types of wiretapping are active wiretapping (MITM attack) and passive wiretapping (eavesdropping).
Q: What is lawful interception?
A: Lawful interception refers to legally intercepting data communication between two endpoints for surveillance purposes by law enforcement agencies.
https://quizlet.com/au/928292538/module-8-sniffing-flash-cards/?i=2hfw1u&x=1jqt