Attacks on network


• Sniffing is the process of gathering traffic from a network by capturing the data as they 
pass and storing them to analyze later.
• Sniffers are used to capture traffic sent between two systems. Depending on how the 
sniffer is used and the security measures in place, a hacker can use a sniffer to discover 
usernames, passwords, and other confidential information transmitted on the network
• It is a Passive Process. 



ARP Poisoning: Man in the Middle Attack
• The concept of ARP Poisoning (or ARP spoofing) is to set up a man-in-the-middle
attack that allows the attacker to insert himself into the communications stream between 
the victim and the victim’s intended communications recipient. 
• It involves sending bogus ARP requests to the network device so outbound traffic will 
be routed to the attacker.
• Hacker uses the concept of ARP Poisoning to redirect all the network traffic to the 
Sniffer device and get all the Username and Password sent in the Network



DNS spoofing

• DNS spoofing (or DNS poisoning) is a technique that tricks a DNS server into believing 
it has received authentic information when in reality it hasn’t. 
• When a user requests a certain website URL, the address is looked up on a DNS server 
to find the corresponding IP address. If the DNS server has been compromised, the user 
is redirected to a website other than the one that was requested, such as a fake website. 
Counter apart the Network attacks 
 • Generally a Client User is not really the concerned person to secure the Network; it is the 
part of the Network Administration. 
• However, still the User is the one who will directly or indirectly effect with the Network 
Trace Your Sever 
 • Trace your Server to check if there unreliable device in between your computer to your 
• Command: Tracert ServerIP


Check the Network Connections 
 • A User must check the network connections which his computer has made to outer 
• Command: Netstat –a 
• Or you can use the TCP View to check the network connection details. 
Checking the ARP Table 
 • ARP is Address Resolution Protocol, which converts the IP Address of a device to its 
Physical Address. 
• “Arp –a”, use this command to check the ARP table for your computer and you can 
easily detect the MITM Attack.