3.1. Sniffing and Port Scanning

The first step in any successful attack is sniffing, used to see what type of traffic is being passed on a network, and look for things like passwords, credit card numbers, and so forth. Sniffing is the term generally used for traffic monitoring within a network, while port scanning is used to find out information about a remote network.

Both sniffing and port scanning have the same objective—to find system vulnerabilities—but they take different approaches. Sniffing is used by an attacker already on the network who wants to gather more information about the network. Port scanning is used by someone who is interested in finding vulnerabilities on a system that is unknown.

There are many tools available for network ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.