CAPEC-158 - Sniffing Network Traffic

An attacker monitors network traffic between nodes of a public or multicast network. The attacker need not be able to prevent reception or change content, but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. This differs from other sniffing attacks in that it is over a public network rather than via some other communications channel, such as radio.

Any target that transmits readable data over a public or multicast network could be attacked in this way.

The attacker must be able to intercept the transmissions containing the data of interest. Depending on the network topology between the recipients, placement of listening equipment may be challenging (for example, if both the sender and recipient are members of a single subnet, the listener must also be attached to that subnet).

Cryptographic techniques that render a data-stream unreadable can thwart this type of attack.