{Cisco CCNA-SEC} Fundamentals Of Network Monitoring Principle

Author: Anderson Patterson
Reviewer: Darren Mcpherson
Sep 12, 2022
Network monitoring is a technology that uses a computer's network interface to intercept data packets destined for a third-party computer. It can be used to monitor the current traffic status of the network and the operation of network programs, and also to illegally steal confidential information transmitted over the network. In shared Ethernet, all communication is broadcast: every network interface in the same network segment can access all data transmitted on the physical medium, and the ARP and RARP protocols are used to convert between IP addresses and hardware addresses.
Under normal circumstances, a network interface should respond to only two kinds of data frames: frames addressed to its own hardware address and broadcast frames sent to all machines. In a practical system, sending and receiving data is handled by the network card. Each Ethernet card has a globally unique Ethernet address, which is a 48-bit binary number. A packet filter is built into the Ethernet card. The filter keeps packets whose destination is the card's own MAC address, along with broadcast packets, and discards all other packets so that the CPU does not waste time processing irrelevant traffic. This is the normal working mode of an Ethernet card: it passes only the relevant part of the received traffic up to the local computer.
However, the packet filter can be disabled by software. With the filter disabled, the network card passes every received packet upward, so upper-layer software can monitor the communication between other computers on the Ethernet. This working mode is called "promiscuous mode" (sometimes rendered as "hybrid mode"). As shown in the following figure, it is applied in the shared hub network.

Figure: Shared hub-connected network
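A check for the disabled filter described above, written for this page as an added example (not code from the original article). It assumes a Linux host, where each interface's flag word is readable as hex text under `/sys/class/net/<iface>/flags`; the `sysfs_root` parameter is a hypothetical hook so the function can be pointed at a test directory.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit in the Linux interface flags (linux/if.h)

def read_flags(iface, sysfs_root="/sys/class/net"):
    """Return the interface flag word that Linux exposes as hex text in sysfs."""
    with open(os.path.join(sysfs_root, iface, "flags")) as fh:
        return int(fh.read().strip(), 16)

def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """List interfaces whose hardware address filter is currently disabled."""
    found = []
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            if read_flags(iface, sysfs_root) & IFF_PROMISC:
                found.append(iface)
        except (OSError, ValueError):
            continue  # entry without a readable flags file, e.g. bonding_masters
    return found

if __name__ == "__main__":
    # Only meaningful on Linux; elsewhere the directory does not exist.
    if os.path.isdir("/sys/class/net"):
        for iface in promiscuous_interfaces():
            print(f"{iface}: promiscuous mode is on")
```

An interface that shows up here without a known capture tool or bridge explaining it is worth investigating.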

Another eavesdropping method uses ARP spoofing, also known as ARP redirection. Although the Address Resolution Protocol (ARP) is an efficient data link layer protocol, as a LAN protocol it is based on mutual trust between hosts, so it has certain security problems:
  • The host's address mapping table is a cache that is updated dynamically. This is a feature of ARP and also one of its security problems: because normal MAC address entries between hosts are refreshed only at timed intervals, an impersonator who successfully modifies the address cache on the attacked machine before the next update can pass as another host.
  • ARP requests are sent by broadcast.
  • ARP packets can be sent at will.
  • ARP responses do not require authentication.
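Detection logic for the weaknesses listed above, as an added example that is not part of the original article: a passive monitor that parses ARP frames and reports replies nobody asked for and IP addresses that change MAC. The class and function names, the MAC addresses and the 192.0.2.x addresses are constructed for illustration; the frames are built in memory and nothing is sent.

```python
import struct

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    ethertype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    ip = lambda b: ".".join(map(str, b))
    return op, frame[22:28].hex(":"), ip(frame[28:32]), ip(frame[38:42])

class ArpWatch:
    """Passive monitor for cache overwrites and unauthenticated, unrequested replies."""
    def __init__(self):
        self.bindings = {}    # IP -> MAC first seen claiming it
        self.pending = set()  # (asker IP, requested IP) for requests not yet answered

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, smac, sip, tip = parsed
        alerts = []
        if op == 1:                      # request: remember who asked for what
            self.pending.add((sip, tip))
        elif op == 2:                    # reply: did the target ask for it?
            if (tip, sip) in self.pending:
                self.pending.discard((tip, sip))
            else:
                alerts.append(f"unsolicited reply: {sip} is-at {smac}")
        known = self.bindings.setdefault(sip, smac)
        if known != smac:                # same IP now claimed by a different MAC
            alerts.append(f"binding change: {sip} {known} -> {smac}")
        return alerts

def build(op, smac, sip, tmac, tip):
    """Construct a sample ARP frame as bytes (test data only, nothing is sent)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(map(int, i.split(".")))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return h(tmac) + h(smac) + hdr + h(smac) + a(sip) + h(tmac) + a(tip)

def demo():
    host, gw, other = "02:00:00:00:00:02", "02:00:00:00:00:01", "02:00:00:00:00:99"
    frames = [build(1, host, "192.0.2.10", "ff:ff:ff:ff:ff:ff", "192.0.2.1"),  # request
              build(2, gw, "192.0.2.1", host, "192.0.2.10"),     # the reply to it
              build(2, other, "192.0.2.1", host, "192.0.2.10")]  # reply nobody asked for
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]
```

Legitimate events such as a replaced network card or a failover address also change a binding, so alerts from a monitor like this need to be checked against known changes.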
The promiscuous ("hybrid") mode of the network card makes it very easy to use an ordinary network card as a network probe for network listening. On the one hand, this facilitates network management. On the other hand, ordinary users can easily listen to network communication, which is a great threat to the confidentiality of users' data communication. When data is monitored in this way, the network equipment at the nodes of the network is set to promiscuous mode in order to monitor and manage the network. Hackers use ARP to detect the network nodes that are in promiscuous mode and place hacker software at those nodes to eavesdrop.