CAPEC-158
Sniffing Network Traffic
Moyen
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.
Informations du CAPEC
Conditions préalables
The target must be communicating on a network protocol visible by a network sniffing application.The adversary must obtain a logical position on the network from intercepting target network traffic is possible. Depending on the network topology, traffic sniffing may be simple or challenging. If both the target sender and target recipient are members of a single subnet, the adversary must also be on that subnet in order to see their traffic communication.
Compétences requises
Adversaries can obtain and set up open-source network sniffing tools easily.Ressources nécessaires
A tool with the capability of presenting network communication traffic (e.g., Wireshark, tcpdump, Cain and Abel, etc.).Atténuations
Obfuscate network traffic through encryption to prevent its readability by network sniffers.Employ appropriate levels of segmentation to your network in accordance with best practices.
Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-311 |
Missing Encryption of Sensitive Data The product does not encrypt sensitive or critical information before storage or transmission. |
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated References | |
| CAPEC Content Team | The MITRE Corporation | Updated Description Summary, Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.