13

Could somebody please explain to me the differences between the following attacks?

  • sniffing
  • snooping
  • spoofing

My professors used them all in his documents, but I'm not sure, if those are 3 different attacks or just synonyms.

schroeder
  • 125,553
  • 55
  • 289
  • 326
user1170330
  • 233
  • 1
  • 2
  • 4
  • Just nitpicking: none of these things are actually "attacks," per se. Some might argue that sniffing is an attack, but I think that the attack is MiTM, and sniffing is just gathering less sensitive information. – KnightOfNi Mar 09 '14 at 04:02
  • Sniffing has nothing to do with the sensitivity of the information. You may choose to only look at "less sensitive" information, but that is your choice and has nothing to do with technicalities of sniffing. Data is data, sensitive or not. – David Houde Mar 10 '14 at 01:38

2 Answers2

22

Sniffing and snooping should be synonyms. They refer to listening to a conversation. For example, if you login to a website that uses no encryption, your username and password can be sniffed off the network by someone who can capture the network traffic between you and the web site.

Spoofing refers to actively introducing network traffic pretending to be someone else. For example, spoofing is sending a command to computer A pretending to be computer B. It is typically used in a scenario where you generate network packets that say they originated by computer B while they really originated by computer C. Spoofing in an email context means sending an email pretending to be someone else.

Dimitris
  • 356
  • 2
  • 3
  • +1, but I always thought that senders were spoofed (ie, you spoof an IP or "from" address, not the message itself). You may have been trying to imply that, but it wasn't very clear. – KnightOfNi Mar 09 '14 at 04:00
  • I just read his answer, and it seemed pretty clear to me. – David Houde Mar 09 '14 at 05:22
  • Just to add, sniffing and snooping should be synonymous with interception also. – RBT Dec 06 '16 at 00:53
7

@Dimitris answer is a good answer. I think the problem can be more clear with some example:
Sniffing:
Any eavesdropping on existing traffic can be called sniffing, for example you can sniff your own traffic using a network sniffer, I think the WireShark is a good tool for this purpose. WireShark does not change the packets and only capure them and display them, this is the meaning of sniffing.

Spoofing:
When someone(or something) try to introduce himself as another person (or another object), this called spoofing, for example there is IP Spoofing, DNS Spoofing etc
in IP Spoofing suppose person A send a packet with source address B not A (not himself IP address) to another host. this is a simple IP Spoofing.
And inDNS Spoofing A person tries to put his own IP address as the name of a victim host in the DNS server, this is also a simple DNS Spoofing

Hope it helps

frogatto
  • 265
  • 1
  • 11