Sniffing, Snooping, Spoofing

  • Could somebody please explain to me the differences between the following attacks?

    • sniffing
    • snooping
    • spoofing

    My professors used them all in his documents, but I'm not sure, if those are 3 different attacks or just synonyms.

    Just nitpicking: none of these things are actually "attacks," per se. Some might argue that sniffing is an attack, but I think that the attack is MiTM, and sniffing is just gathering less sensitive information.

    Sniffing has nothing to do with the sensitivity of the information. You may choose to only look at "less sensitive" information, but that is your choice and has nothing to do with technicalities of sniffing. Data is data, sensitive or not.

  • Dimitris

    Dimitris Correct answer

    7 years ago

    Sniffing and snooping should be synonyms. They refer to listening to a conversation. For example, if you login to a website that uses no encryption, your username and password can be sniffed off the network by someone who can capture the network traffic between you and the web site.

    Spoofing refers to actively introducing network traffic pretending to be someone else. For example, spoofing is sending a command to computer A pretending to be computer B. It is typically used in a scenario where you generate network packets that say they originated by computer B while they really originated by computer C. Spoofing in an email context means sending an email pretending to be someone else.

    +1, but I always thought that senders were spoofed (ie, you spoof an IP or "from" address, not the message itself). You may have been trying to imply that, but it wasn't very clear.

    I just read his answer, and it seemed pretty clear to me.

    Just to add, sniffing and snooping should be synonymous with interception also.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM