CAPEC-158: Sniffing Network Traffic
Attack Pattern ID: 158
Version: v3.9
Attack Pattern Name: Sniffing Network Traffic
Abstraction: Detailed
Status: Draft
Likelihood of Attack:
Typical Severity: Medium
▼Description
In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ChildOf
Type: Standard
ID: 157
Name: Sniffing Attacks

Nature: CanFollow
Type: Standard
ID: 697
Name: DHCP Spoofing
▼Execution Flow
▼Prerequisites
The target must be communicating on a network protocol visible to a network sniffing application.
The adversary must obtain a logical position on the network from which intercepting target network traffic is possible. Depending on the network topology, traffic sniffing may be simple or challenging. If both the target sender and target recipient are members of a single subnet, the adversary must also be on that subnet in order to see their traffic.
▼Skills Required
Low

Adversaries can obtain and set up open-source network sniffing tools easily.

▼Resources Required
A tool with the capability of presenting network communication traffic (e.g., Wireshark, tcpdump, Cain and Abel, etc.).
▼Indicators
▼Consequences
Scope: Confidentiality
Likelihood: N/A
Impact: Read Data
Note: N/A
▼Mitigations
Obfuscate network traffic through encryption to prevent its readability by network sniffers.
Employ appropriate levels of segmentation to your network in accordance with best practices.
▼Example Instances
▼Related Weaknesses
ID: CWE-311
Name: Missing Encryption of Sensitive Data
▼Taxonomy Mappings
Taxonomy Name: ATTACK
Entry ID: 1040
Entry Name: Network Sniffing

Taxonomy Name: ATTACK
Entry ID: 1111
Entry Name: Multi-Factor Authentication Interception
▼Notes
▼References