Overwhelming media attention and sensationalism about computer security has created a lot of fear, uncertainty, and doubt (FUD)—some deserved and some not. What exactly can attackers do? What tools and tricks do they have up their sleeves? Can they really compromise a computer simply by touching the keyboard? Not likely. Can they really disable the Internet? That depends. Walk on water? Let’s hope not. One area of penetration testing in particular that seems to be filled with confusion and is the topic of this chapter is network sniffing, which is the attacker’s ability to eavesdrop on communications between hosts.

This chapter explores network sniffing threats and in the process dispels some of the common myths and ...