- A sniffer puts the NIC into promiscuous mode so that it accepts and processes every packet on the network segment, not only those addressed to it.
- Network communication is serial (one packet/cell after another), and some network protocols (e.g. Telnet, FTP, SNMP, POP) send their data in clear text.
- Many commercial and freeware packet sniffers are freely available and can be configured to filter for specific data.
- One problem is that many users reuse the same username and/or password across multiple applications. Attackers know this and exploit it; this is social engineering, i.e. they know and make use of human characteristics like this.
- There are four main types of packet-sniffer mitigation:
1. Cryptography is the most effective, as it renders packet sniffers irrelevant, e.g. IPsec, SSH, SSL.
2. Use a switched Ethernet infrastructure to microsegment ports (NB: CLI access to the switch could allow SPAN ports to be configured, and ARP request flooding could effectively turn the switch into a hub, reopening it to sniffing).
3. Use 'antisniffer' tools such as Antisniff, which detect changes in hosts' response times to see whether they are processing more traffic than they should be.
4. Strong authentication such as two-factor authentication, e.g. OTPs (one-time passwords) such as RSA tokens (note this protects only the password, not the actual data).
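Two of the mitigations above (the antisniffer response-time check in point 3, and the switch-to-hub flooding caveat in point 2) can be turned into simple defender-side checks. The following is an added example, not code from the original notes or from the Antisniff tool; the thresholds, host addresses, port names and RTT values are constructed sample data and the detection rules are assumptions chosen for illustration.

```python
"""Added example: two defender-side checks for packet-sniffer indicators.

1. rtt_suspects(): Antisniff-style check. A host whose NIC is in promiscuous
   mode and which is running a sniffer has to process every frame on the
   segment, so its response time tends to rise compared with a quiet-time
   baseline. We flag hosts whose current mean RTT is both statistically and
   absolutely above baseline (a single slow reply is only a hint).
2. mac_flood_ports(): counts distinct source MACs per switch port. A flood of
   frames with many forged source addresses fills the switch's MAC table, after
   which it floods unicast frames to all ports like a hub; an unusually high
   distinct-MAC count on one access port is the observable symptom.

All data below is constructed for the example; nothing is real traffic.
"""
from collections import defaultdict
from statistics import mean, stdev

# Constructed baseline RTTs (ms) measured while each host should be idle.
BASELINE_RTT = {
    "10.0.0.5": [1.0, 1.1, 0.9, 1.0, 1.1],
    "10.0.0.7": [2.0, 2.2, 1.9, 2.1, 2.0],
}

# Constructed RTTs (ms) measured now; 10.0.0.5 has become much slower.
CURRENT_RTT = {
    "10.0.0.5": [9.0, 9.5, 8.8],
    "10.0.0.7": [2.1, 2.0, 2.2],
}

# Constructed (switch_port, source_mac) observations over one sampling window.
FRAMES = [("Gi1/0/1", "00:11:22:33:00:01"), ("Gi1/0/1", "00:11:22:33:00:02")]
FRAMES += [("Gi1/0/3", f"00:11:22:33:{i // 256:02x}:{i % 256:02x}") for i in range(40)]


def rtt_suspects(baseline, current, z_threshold=3.0, min_increase_ms=5.0):
    """Return {host: z_score} for hosts answering far slower than their baseline.

    baseline/current: {host: [rtt_ms, ...]}. Requires at least two baseline
    samples per host. Both a z-score and an absolute increase are required so
    that a very stable baseline does not turn sub-millisecond jitter into alarms.
    """
    flagged = {}
    for host, now in current.items():
        if host not in baseline or len(baseline[host]) < 2 or not now:
            continue
        mu = mean(baseline[host])
        sigma = max(stdev(baseline[host]), 0.1)  # floor avoids divide-by-zero
        cur = mean(now)
        z = (cur - mu) / sigma
        if z >= z_threshold and (cur - mu) >= min_increase_ms:
            flagged[host] = round(z, 2)
    return flagged


def mac_flood_ports(frames, max_macs_per_port=16):
    """Return {port: distinct_mac_count} for ports exceeding the allowed count.

    frames: iterable of (switch_port, source_mac). An access port normally
    carries a handful of MACs; the constructed threshold of 16 is an assumption.
    """
    seen = defaultdict(set)
    for port, mac in frames:
        seen[port].add(mac.lower())
    return {port: len(macs) for port, macs in seen.items() if len(macs) > max_macs_per_port}


if __name__ == "__main__":
    print("slow responders (possible promiscuous hosts):", rtt_suspects(BASELINE_RTT, CURRENT_RTT))
    print("ports with MAC-table flooding symptoms:", mac_flood_ports(FRAMES))
```

Both checks are heuristics: a host can be slow for many benign reasons, and a legitimate uplink or virtualisation host carries many MACs, so the port threshold should be set per port role rather than globally. Neither check replaces the cryptographic mitigation in point 1; they only help notice when the switched-infrastructure assumption has broken down.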