Sniffing Module 07 Quiz

Questions and Answers

Which protocol is known to transmit data in clear text?

  • SSH
  • HTTPS
  • FTP (correct)
  • SSL

At which layer of the OSI model do sniffers operate?

  • Application layer
  • Network layer
  • Data Link layer (correct)
  • Transport layer

What defines active wiretapping?

  • Captures data without affecting it
  • Only monitors and records traffic
  • Intercepts data without altering it
  • Injects data into the communication (correct)

What is the primary function of a hardware protocol analyzer?

Answer: To capture signals and monitor usage (A)

What does lawful interception involve?

Answer: Legally intercepting communications (B)

Which of the following is a characteristic of passive wiretapping?

Answer: Records and monitors the traffic (B)

Which of these protocols is NOT considered compromised regarding sniffing?

Answer: SSH (C)

What is the main purpose of wiretapping?

Answer: To secretly monitor conversations (B)

What technique does DNS poisoning utilize to mislead a DNS server?

Answer: Replacing legitimate IP addresses with false ones (D)

Which of the following is a recommended way to defend against network sniffing?

Answer: Utilize switches rather than hubs (D)

Which method can be used to capture and analyze network traffic?

Answer: Wireshark (B)

What is one way an attacker can utilize MAC addresses to perform attacks?

Answer: By pretending to be associated users linked to a switch port (B)

Which protocol should be used instead of FTP for secure file transfers?

Answer: SFTP (B)

Which of the following attacks involves manipulating the cache of a DNS server?

Answer: DNS Cache Poisoning (B)

What type of network traffic does Wireshark capture?

Answer: Various types including Ethernet and Bluetooth (C)

How can one detect if any network interfaces are running in promiscuous mode?

Answer: By running diagnostic tools to check NIC settings (D)

What is the purpose of an ARP request?

Answer: To obtain the MAC address corresponding to an IP address. (D)

Which of the following describes ARP poisoning?

Answer: Flooding a target computer's ARP cache with forged entries. (B)

What threat involves diverting communications between two machines through an attacker's PC?

Answer: Man-in-the-Middle Attack (A)

How can a MAC duplicating attack be executed?

Answer: By sniffing the network for active MAC addresses. (B)

What is the primary function of a sniffer in a network?

Answer: To monitor and capture data packets (D)

Which type of sniffing involves monitoring packets without injecting any additional traffic?

Answer: Passive Sniffing (D)

What happens after ARP requests and replies flood a switch?

Answer: The switch forwards all traffic to the attacker. (D)

What happens during active sniffing in a switch-based network?

Answer: Additional data packets are injected into the network (D)

Which of the following is NOT a threat associated with ARP poisoning?

Answer: Increased bandwidth usage (A)

What technique can an attacker use in active sniffing to redirect traffic from the victim's machine?

Answer: ARP Spoofing (B)

What is a common method used by attackers in ARP spoofing?

Answer: Constructing forged ARP requests and replies. (A)

What does a switch do in 'forwarding mode'?

Answer: It forwards packets based on MAC addresses. (C)

What type of traffic can potentially be captured by sniffers?

Answer: All types of network traffic (C)

In a hub-based network, what advantage does passive sniffing provide?

Answer: Significant stealth advantages (A)

What is a possible effect of MAC flooding in a network?

Answer: Flooding the CAM table (C)

What is the first step an attacker takes when using sniffers to hack a network?

Answer: Connect to a switch port (C)

What is the primary function of the PRISM tool?

Answer: To collect and process foreign intelligence data. (D)

Which of the following describes MAC flooding?

Answer: Flooding the CAM table with fake MAC address and IP pairs. (B)

What is one of the key defenses against MAC flooding attacks?

Answer: Implementing port security to allow only one MAC address. (C)

What does Address Resolution Protocol (ARP) primarily do?

Answer: Resolves IP addresses to MAC addresses. (B)

What data flow speed is reported for Europe in the context of wiretap rates?

Answer: 5 Gbps (A)

Which component allows law enforcement to access intercepted data?

Answer: Storage System. (A)

Which of the following is NOT part of the recommended port security configuration?

Answer: switchport port-security disable all ports (C)

Which area has the highest data flow in hours related to wiretapping?

Answer: Latin America and Caribbean. (D)

DNS poisoning tricks a DNS server into believing it has received authentic information.

Answer: True (A)

Wireshark captures packets only on the networks supported by Ethernet.

Answer: False (B)

Using a switch instead of a hub can help protect data by delivering it only to the intended recipient.

Answer: True (A)

A common method for attackers to carry out a DNS attack is by creating fake DNS entries with the same name as legitimate servers.

Answer: True (A)

Retrieving the MAC address directly from the OS is recommended to prevent MAC address spoofing.

Answer: False (B)

Sniffing is a method used to capture and monitor data packets in a network.

Answer: True (A)

Active sniffing requires the use of switches to be effective, while passive sniffing does not.

Answer: True (A)

In passive sniffing, the attacker can send data packets into the network traffic.

Answer: False (B)

MAC flooding is an example of an active sniffing technique.

Answer: True (A)

A sniffer can be used to turn a standard NIC into promiscuous mode to listen to all transmitted data.

Answer: True (A)

Sniffers operate at the Network layer of the OSI model.

Answer: False (B)

Active wiretapping involves only monitoring and recording traffic.

Answer: False (B)

A hardware protocol analyzer can capture and analyze individual data bytes passing through a cable.

Answer: True (A)

Lawful interception requires consent from one of the involved parties.

Answer: True (A)

All data sent via FTP is encrypted by default.

Answer: False (B)

Passive wiretapping is considered a criminal offense in all circumstances.

Answer: False (B)

IMAP is a protocol known for sending passwords in clear text.

Answer: True (A)

A compromised protocol guarantees secure data transmission.

Answer: False (B)

Sniffers can operate independently of the upper layers and remain undetected.

Answer: True (A)

Telephone conversations can be monitored through wiretapping.

Answer: True (A)

What is the primary consequence of DNS poisoning?

Answer: Manipulation of a DNS server's IP address records (A)

How does Wireshark primarily capture network traffic?

Answer: Using Winpcap to capture packets on supported networks (C)

Which method is effective in preventing MAC address spoofing?

Answer: Getting the MAC directly from the NIC instead of the OS (C)

What is the purpose of using a switch instead of a hub in network configuration?

Answer: To reduce latency by isolating traffic to specific ports (D)

Which technique can be employed to recognize if a machine is in promiscuous mode?

Answer: Utilizing specific tools to check NIC configurations (D)

What is the primary difference between passive and active sniffing in a network?

Answer: Active sniffing requires manipulation of the network traffic. (D)

Which technique allows an attacker to redirect traffic using ARP spoofing?

Answer: Flooding a switch's CAM table with ARP packets. (D)

What makes passive sniffing more advantageous than active sniffing?

Answer: It is less likely to be detected. (C)

Which kind of network equipment primarily exposes vulnerabilities to sniffing attacks?

Answer: Hubs that broadcast traffic to all ports. (C)

What does MAC flooding aim to achieve in terms of network security?

Answer: To force a switch to behave like a hub. (A)

Which of the following statements is true regarding active wiretapping?

Answer: It allows for intercepting and altering data traffic. (D)

What is a primary function of hardware protocol analyzers?

Answer: To capture and analyze traffic without modification. (C)

Which protocol is typically associated with transmitting data in clear text?

Answer: SMTP (C)

What does passive wiretapping primarily allow an attacker to do?

Answer: Monitor and record traffic. (A)

Which of the following could be considered a limitation of sniffers at the Data Link layer?

Answer: They are unable to capture all traffic types. (D)

What distinguishes lawful interception from other types of data interception?

Answer: It requires user consent. (D)

What is a common tool for monitoring network usage and identifying malicious traffic?

Answer: Hardware protocol analyzer (C)

Which of the following protocols is vulnerable to sniffing due to transmitting data in clear text?

Answer: FTP (C)

What technique is primarily used to monitor and capture telephone conversations by unauthorized parties?

Answer: Wiretapping (D)

Which of the following statements is true regarding sniffing tools?

Answer: They can provide real-time monitoring of network traffic. (A)

DNS poisoning results in the replacement of a true IP address with a false one at the DNS level.

Answer: True (A)

Wireshark can capture packets from all network types without any limitations.

Answer: False (B)

Using HTTPS instead of HTTP is a recommended approach to protect sensitive data during transmission.

Answer: True (A)

Creating fake DNS entries is not a technique used in DNS attacks.

Answer: False (B)

Retrieving the MAC address from the operating system helps in preventing MAC address spoofing.

Answer: False (B)

Active sniffing involves monitoring packets without injecting additional data into the network traffic.

Answer: False (B)

Passive sniffing can capture all traffic in a hub-based network because the hub sends traffic to all ports.

Answer: True (A)

A common active sniffing technique is DHCP attacks, which can lead to network disruption and data theft.

Answer: True (A)

MAC flooding can cause a switch to behave like a hub, exposing data to all connected devices.

Answer: True (A)

Sniffing tools can only capture unencrypted data, making them ineffective against secure communications.

Answer: False (B)

Sniffers can monitor data without the upper layers of the OSI model being aware of it.

Answer: True (A)

Lawful interception can be performed without a warrant in most countries.

Answer: False (B)

Active wiretapping involves monitoring and altering traffic.

Answer: True (A)

HTTP is a protocol that transmits data securely by encrypting it.

Answer: False (B)

A hardware protocol analyzer can only be used to capture signals without altering the traffic.

Answer: True (A)

Passive wiretapping allows an attacker to inject false information into the communication.

Answer: False (B)

Telnet is a protocol that securely transmits sensitive data.

Answer: False (B)

Wireless networks can also be susceptible to wiretapping.

Answer: True (A)

A hardware protocol analyzer can identify malicious network traffic generated by hacking software.

Answer: True (A)

POP3 and IMAP are examples of protocols that can be compromised due to clear text transmission.

Answer: True (A)

Which of the following accurately describes a feature of Wireshark?

Answer: It relies on Winpcap for capturing network packets (C)

Which method is NOT recommended to defend against network sniffing?

Answer: Employing a hub for easier traffic monitoring (C)

What is a major characteristic of DNS cache poisoning?

Answer: It can occur through insecure DNS configurations (A)

How can sniffing be detected on a network?

Answer: By checking if any machines are running in promiscuous mode (B)

What is the primary difference between passive sniffing and active sniffing in a network environment?

Answer: Passive sniffing involves monitoring without injecting data, while active sniffing involves injecting data into the network. (D)

In the context of network sniffing, which technique specifically targets the Content Addressable Memory (CAM) of a switch?

Answer: MAC flooding (C)

Which of the following explains how an attacker can successfully extract sensitive data using sniffers?

Answer: By redirecting traffic meant for the victim through their own machine. (A)

What characteristic makes passive sniffing less detectable compared to active sniffing?

Answer: It only observes existing traffic without injecting any packets. (B)

Which of the following types of sensitive information could potentially be captured through sniffing that relates to user authentication processes?

Answer: Telnet passwords (B)

What best describes the primary capability of a hardware protocol analyzer?

Answer: To capture and analyze data packets according to predetermined rules. (D)

Which type of wiretapping involves modifying the data being intercepted?

Answer: Active Wiretapping (A)

Which layer of the OSI model do sniffers primarily interact with when capturing data?

Answer: Data Link Layer (C)

What is a commonly used method by attackers during passive wiretapping?

Answer: Monitoring and recording the data without interference. (D)

Which of the following is NOT a feature of lawful interception?

Answer: Monitoring without consent. (C)

Which component is essential for any wiretapping process to be considered lawful?

Answer: Legal warrant or consent. (B)

Which of the following protocols is susceptible to sniffing and transmits data in clear text?

Answer: POP (A)

What is the consequence of employing a hardware protocol analyzer in a network?

Answer: Potential privacy concerns if used without permission. (C)

What characterizes the process of sniffing in the context of network security?

Answer: Capturing data packets without altering their content. (D)

Which hardware protocol analyzer is identified for its capability to monitor network usage?

Answer: FLUKE Networks OptiView® XG (A)

Passive sniffing can capture all traffic on a switch-based network without injecting any packets.

Answer: False (B)

DNS poisoning is a technique that tricks a DNS server into believing that it has received fraudulent information.

Answer: True (A)

In active sniffing, an attacker collects traffic by flooding the switch's CAM table with address resolution packets.

Answer: True (A)

Wireshark captures packets from Bluetooth and ADSL networks but not from Ethernet networks.

Answer: False (B)

The primary advantage of using a hub in a network is to provide higher data security compared to switches.

Answer: False (B)

Using a hub instead of a switch is recommended for secure communication since hubs deliver data only to the intended recipient.

Answer: False (B)

The DNS cache poisoning technique allows an attacker to replace IP address entries for a target site with an IP address controlled by the attacker.

Answer: True (A)

DNS poisoning is a passive technique that does not interfere with network traffic flow.

Answer: False (B)

Sniffing allows attackers to capture sensitive information like Telnet passwords and email traffic.

Answer: True (A)

Retrieving the MAC address directly from the operating system instead of the NIC prevents MAC address spoofing.

Answer: False (B)

Wired equipment cannot be used to monitor network traffic due to the high speed of the data flow.

Answer: False (B)

Passive wiretapping can change the content of the communications being monitored.

Answer: False (B)

The Data Link layer of the OSI model operates independently and can be accessed by sniffers without affecting higher layers.

Answer: True (A)

Lawful interception is a method used by law enforcement to avoid any legal consequences while intercepting data communications.

Answer: True (A)

Active wiretapping involves simply monitoring the data without interacting with it.

Answer: False (B)

Keysight N2X N5540A is an example of a hardware protocol analyzer used for monitoring network usage.

Answer: True (A)

SMTP is known to transmit data securely without risks of sniffing.

Answer: False (B)

A hardware protocol analyzer modifies data packets for better analysis of network traffic.

Answer: False (B)

Telnet and FTP are protocols known to transmit data including usernames and passwords in clear text.

Answer: True (A)

Wiring devices can be utilized for both active and passive wiretapping methods.

Answer: True (A)

Flashcards

MAC Address Spoofing (Attack)

An attack in which an attacker obtains a user's MAC address in order to impersonate that user, sending fake data via the same switch port.

DNS Poisoning

A technique to trick a DNS server into believing false information, redirecting users to malicious sites by giving a fake IP address.

Wireshark

A network sniffing tool used to capture and analyze network traffic.

HTTPS

A secure protocol for transferring data over the internet using encryption for user names and passwords.

Promiscuous Mode

A network interface card (NIC) setting that allows the card to receive all network traffic, not just the intended traffic.

Network Sniffing

Capturing and analyzing network traffic with a tool, or by a person, without the knowledge of the user who owns that data.

Switch vs. Hub

A switch directs data packets only to the intended recipient, while a hub broadcasts data to all devices on the network.

DNS Spoofing Technique

An attack that redirects users to a malicious website by changing DNS records to point to a fake IP address.

Passive Sniffing

Monitoring network traffic without sending any extra data.

Active Sniffing

Injecting packets to overwhelm the network for data gathering.

Sniffer Tools

Software used for network analysis and monitoring by means of sniffing.

MAC Flooding

Overloading the switch's table with MAC addresses, causing it to 'drop packets'.

Hub

Network device that broadcasts data to all connected devices.

Switch

A network device that directs data only to the intended recipient.

Sniffing at the Data Link Layer

Sniffers capture data packets at the Data Link layer of the OSI model, without upper layers being aware.

Sniffing vulnerable protocols

Some protocols like HTTP, Telnet, and POP transmit data in clear text, making them vulnerable to sniffing.

Hardware Protocol Analyzer

A device used to capture and analyze network traffic without altering it.

Wiretapping

Monitoring and intercepting communication (phone or internet) by listening devices.

Active Wiretapping

Wiretapping method that monitors, records, and potentially alters communication or injects elements.

Passive Wiretapping

Wiretapping method that only monitors and records communication, without altering it.

Lawful interception

Legally intercepting data communication for surveillance purposes (telecommunications, data, etc.).

Unsecured Protocols (Sniffing Vulnerability)

Protocols that transmit data (usernames, passwords) in clear text are susceptible to unauthorized access by intercepting the data.

Wiretap

A court order authorizing the interception of communications, like phone calls or internet traffic, for legal investigations.

Access Switch/Tap

A physical device installed by a service provider to allow law enforcement access to intercepted data.

Central Management Server (CMS)

A server that manages and controls the flow of intercepted data in a wiretapping system.

Port Security

A network security feature that restricts the number of MAC addresses allowed on a switch port, preventing MAC flooding attacks.

ARP (Address Resolution Protocol)

A network protocol that translates IP addresses (logical addresses) to MAC addresses (physical addresses) for devices on a network.

ARP Request

A broadcast message sent by a device on a network when it needs to find the MAC address associated with a specific IP address.

ARP Table

A table inside a network device that stores mappings between IP addresses and MAC addresses for recently communicated devices.

ARP Spoofing

An attack where attackers send forged ARP packets to a switch, flooding its ARP table with fake entries and diverting network traffic to their machines.

What is a forged ARP packet?

A fake ARP packet that claims to have a specific IP address, but contains a malicious MAC address, redirecting traffic to the attacker's machine.

MAC Spoofing/Duplicating

An attacker steals a legitimate user's MAC address by sniffing network traffic and reuses it to gain access to a network, impersonating the user.

What are the threats of ARP Poisoning?

ARP poisoning can lead to various attacks, including packet sniffing, session hijacking, data interception, and denial-of-service attacks.

Switch's Forwarding Mode

A switch operates in forwarding mode after its ARP table is flooded with forged ARP replies, allowing attackers to sniff all network packets.

What is the goal of MAC Spoofing?

A malicious user can intercept and use a legitimate user's MAC address to receive all the traffic destined for the user, gaining access to the network and potentially taking over their identity.

How does MAC Duplication work?

An attacker listens to network traffic, identifies a legitimate user's MAC address, and duplicates it to gain access to the network and impersonate the user.

MAC Address Spoofing

An attacker can deceive a network by using another device's MAC address to gain unauthorized access.

Wireshark Tool

A network analysis tool used to capture and inspect the traffic flowing through a network.

What is network sniffing?

Network sniffing is the act of capturing and analyzing data packets that travel across a network. It's like listening in on a conversation, but instead of words, you're listening to data packets.

Why is sniffing dangerous?

Sniffing can expose sensitive information like passwords, confidential files, and sensitive communication. It can be used to steal information or launch other attacks.

What is passive sniffing?

Passive sniffing involves listening to network traffic without sending any additional packets. It's like eavesdropping on a conversation without saying anything.

What is active sniffing?

Active sniffing is used to sniff a switch-based network. It involves injecting ARP packets to flood the switch's CAM table, allowing the attacker to capture all traffic.

What is MAC Flooding?

MAC flooding is an active sniffing technique where an attacker sends many fake MAC addresses to the switch, overwhelming its memory and causing it to behave like a hub.

What is sniffing?

Capturing and analyzing network traffic without the knowledge of the user who owns that data.

Data Link Layer Sniffing

Sniffers operate at the Data Link layer of the OSI model, capturing packets as they pass through the network.

Vulnerable Protocols

Protocols that send passwords and data in plain text, making the information vulnerable to sniffing.

What is wiretapping?

Monitoring and intercepting phone and internet conversations by connecting a listening device to the communication circuit.

Compromised Application Stream

Protocols like POP3, IMAP, IM, SSL, and SSH can be vulnerable to sniffing because they send sensitive data through the network.

Initial Compromise

Attackers can gain access to network traffic by physically connecting a sniffer to a network cable or by exploiting network vulnerabilities.

Intranet DNS Spoofing

A DNS poisoning attack within a local network. This means the attacker is on the same network as the victim and can target a DNS server within that network, redirecting internal traffic to the attacker's control.

Sniffing

Capturing and analyzing network traffic to gather information like passwords, communications, and data packets, often without the knowledge of the user.

What does a Hardware Protocol Analyzer do?

It captures network data without altering the traffic, allowing detailed analysis of packet contents, including individual bytes.

What is Passive Wiretapping?

It only monitors and records network traffic to gain knowledge of the data it contains. Attackers don't change the flow.

What is the purpose of Lawful Interception?

It allows authorized parties like law enforcement to legally intercept data communication for surveillance purposes on various networks.

What is a Compromised Application Stream?

Protocols like POP3, IMAP, IM, SSL, and SSH can be vulnerable to sniffing because they transmit sensitive data over the network.

How can a Physical Link be Compromised?

Attackers can physically connect a sniffer to a network cable, giving them access to all data flowing through that cable.

What does a Sniffer do?

Sniffers capture and analyze network traffic to gather information such as passwords, communication, and data packets, often without user awareness.

What is Initial Compromise?

Attackers can gain access to network traffic through physical connections, exploiting vulnerabilities, or using social engineering.

Physical Link Compromise

Attackers can physically connect a sniffer to a network cable, giving them access to all data flowing through that cable.

Vulnerable Protocols (Sniffing)

Protocols like HTTP, Telnet, and POP transmit data in clear text, making the information vulnerable to unauthorized access via sniffing.

Study Notes

Sniffing Module 07

  • Sniffing is a process of monitoring and capturing data packets on a network.
  • Sniffing tools are used for wiretapping on computer networks.
  • Switch ports can be open, which allows anyone in the same physical location to plug into the network using an Ethernet cable.
  • Often, sensitive information is obtained through sniffing, including syslog traffic, telnet passwords, router configurations, and FTP passwords.
  • Sensitive information acquired through sniffing includes web traffic, chat sessions, email, and DNS traffic.

How a Sniffer Works

  • A sniffer switches the Network Interface Card (NIC) of a system into promiscuous mode.
  • In this mode the NIC passes every frame it sees on its segment to the sniffer, not only frames addressed to it.
  • An attacker might make a switch behave as a hub, allowing a sniffer to capture traffic meant for other devices.
  • A sniffer monitors network traffic by decoding the information encapsulated in data packets.

Passive Sniffing

  • Passive sniffing involves monitoring traffic without actively injecting data into the network.
  • It’s done through a hub, where all traffic is sent to all ports.
  • Hubs are now outdated; most modern networks use switches.
  • All hosts in a hub-based network can see all traffic, making sniffing easier.
  • Passive sniffing offers significant stealth compared to active sniffing.

Active Sniffing

  • Active sniffing involves injecting packets into a switch-based network to obtain information.
  • Attackers use techniques like ARP flooding and DNS poisoning.
  • ARP flooding, DNS poisoning, switch port stealing, and spoofing attacks are examples that are used to acquire data in an active sniffing manner.
  • A target computer's ARP cache is flooded with forged entries in an Active Sniffing attack.

How an Attacker Hacks via Sniffers

  • Attackers often use laptop devices connected to a switch port.
  • Discovery tools help identify network topology.
  • Targeting specific machines leads to targeted attacks.
  • ARP spoofing redirects traffic to the attacker.
  • Passwords and sensitive data are retrieved from redirected traffic.

Protocols Vulnerable to Sniffing

  • Protocols that send data in clear text are vulnerable.
  • This includes HTTP, Telnet, Rlogin, POP, IMAP, SMTP, NNTP, and FTP.
  • Keystrokes, usernames, and passwords are also susceptible.
  • Sniffers operate at the Data Link layer of the OSI model.
  • The Data Link layer operates independently of higher layers.
  • Network traffic is easily sniffed since the upper OSI layers are unaware of the action.

Hardware Protocol Analyzers

  • Hardware protocol analyzers are devices that capture network traffic without altering it.
  • They can monitor network usage and identify malicious activity.
  • Individual data bytes of each packet are visible using the analyzer.
  • Various examples of hardware protocol analyzers are listed, including Keysight N2X N5540A, Keysight E2960B, RADCOM PrismLite Protocol Analyzer, RADCOM Prism Ultra-Lite Protocol Analyzer, FLUKE Networks, and OptiView XG.

Wiretapping

  • Wiretapping involves monitoring communications (phone, internet) by a third party.
  • It can use hardware, software, or a combination of both.
  • It allows attackers to monitor, intercept, access, and record information in a communication system.
  • Active wiretapping involves altering the communications.
  • Passive wiretapping involves passively monitoring.

Lawful Interception

  • Lawful interception is legally intercepting data communication for surveillance.
  • This requires court orders and specific procedures.
  • Agencies like law enforcement and intelligence agencies can access this data when required.

Wiretapping Case Study: PRISM

  • PRISM is a data collection tool designed to collect and process foreign intelligence.
  • Significant amounts of foreign internet traffic are routed through US servers.
  • Wiretapping helps to intercept and collect the data of foreign users.

MAC Flooding

  • MAC flooding overwhelms the CAM table of a switch with fake MAC address/IP pairs.
  • Once the table is full, the switch behaves like a hub and broadcasts traffic to all ports.
  • The attacker can then sniff the traffic.
  • The flood of MAC addresses causes the switch to enter forwarding mode.

ARP Spoofing Attacks

  • Forged ARP packets redirect traffic to the attacker.
  • The attacker floods the switch with forged ARP requests and ARP replies.
  • The ARP table is poisoned with incorrect entries, which divert traffic to the attacker.

Threats of ARP Poisoning

  • Diverting communications between two machines through fake ARP messages.
  • Packet sniffing, session hijacking, VoIP call tapping, data manipulation, Man-in-the-Middle attacks, and Denial-of-Service (DoS) attacks are types of harms from ARP Poisoning.

MAC Spoofing/Duplication

  • MAC spoofing involves actively changing or mimicking a MAC address to gain access to the network.
  • Network traffic intended for the legitimate user is intercepted and routed to the spoofer.
  • By listening to traffic on the network, malicious users can use legitimate user MAC addresses to receive traffic.

DNS Poisoning Techniques

  • DNS poisoning tricks a DNS server into accepting fake IP address information for a domain, leading to malicious links or other exploits.
  • An attacker can alter the IP address that the DNS server returns to victims' computers, typically by replacing the legitimate IP with an illegitimate one.

Sniffing Tool: Wireshark

  • Wireshark is a commonly used network traffic capturing and analyzing tool.
  • It supports various network types, including Ethernet and Token-Ring.
  • Wireshark uses WinPcap for capture and allows captures to be edited from the command line.
  • Filters allow users to quickly identify specific packets.

How to Defend Against Sniffing

  • Use HTTPS instead of HTTP to secure sensitive information.
  • Use switches where appropriate, rather than hubs, to prevent all packets from being sent to all devices.
  • Use methods like SFTP instead of FTP to securely transfer files.
  • Encrypt network communications with strong protocols (e.g., WPA2).
  • Retrieve MAC addresses directly from the network interface card (NIC) rather than from the operating system, so spoofed addresses are harder to pass off.
  • Use tools to monitor network interfaces for malicious promiscuous mode use.

How to Detect Sniffing

  • Check for devices operating in promiscuous mode.
  • Use Intrusion Detection Systems (IDS) to detect changes in MAC addresses.
  • Use network tools to monitor traffic and identify unusual packets.
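The two checks above (an interface in promiscuous mode, and MAC changes in the ARP table) can be scripted. The following is an added example, not part of the module; it reads Linux interface flags and `ip neigh`-style output, and all sample data is constructed.

```python
import re

IFF_PROMISC = 0x100  # Linux net_device flag bit set while an interface accepts all frames


def promiscuous_interfaces(flags_by_iface):
    """flags_by_iface maps an interface name to the hex string found in
    /sys/class/net/<iface>/flags; return the interfaces in promiscuous mode."""
    return sorted(name for name, flags in flags_by_iface.items()
                  if int(flags, 16) & IFF_PROMISC)


# One 'ip neigh show' line looks like: "<ip> dev <iface> lladdr <mac> <state>"
ARP_LINE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-f:]{17})", re.I)


def parse_arp_table(text):
    """Return {ip: mac} from ip-neigh style output, skipping entries with no MAC."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def arp_anomalies(baseline, current):
    """Compare a trusted baseline {ip: mac} with a fresh snapshot.
    'changed' lists IPs whose MAC moved (a classic ARP poisoning symptom);
    'shared' lists MACs now claimed by more than one IP."""
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return {"changed": changed, "shared": shared}


# Constructed sample data (not captured from a real network); eth0 has 0x100 set.
FLAGS_SAMPLE = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003"}
BASELINE_ARP = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:02 STALE
"""
CURRENT_ARP = """\
192.168.1.1 dev eth0 lladdr AA:BB:CC:DD:EE:02 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:02 STALE
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:03 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

if __name__ == "__main__":
    print("promiscuous:", promiscuous_interfaces(FLAGS_SAMPLE))
    print(arp_anomalies(parse_arp_table(BASELINE_ARP), parse_arp_table(CURRENT_ARP)))
```

In the sample the gateway 192.168.1.1 has moved to the MAC that 192.168.1.20 already owns, which is exactly the pattern an IDS rule for ARP poisoning should flag.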

Related Documents

Sniffing - Module 07 - PDF