Home > CAPEC List > CAPEC-158: Sniffing Network Traffic (Version 2.10)  

CAPEC-158: Sniffing Network Traffic

Sniffing Network Traffic
Definition in a New Window Definition in a New Window
Attack Pattern ID: 158
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information. The adversary doesn't prevent reception or change content but simply observes and reads the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information.

+ Attack Prerequisites
  • Any target that transmits readable data over a public or multicast network could be attacked in this way.

+ Typical Severity


+ Resources Required

The attacker must be able to intercept the transmissions containing the data of interest. Depending on the network topology between the recipients, placement of listening equipment may be challenging (such as if both the sender and recipient are members of a single subnet and therefore the listener must also be attached to that subnet.

+ Solutions and Mitigations

Cryptographic techniques that render a data-stream unreadable can thwart this type of attack.

+ References
[R.158.1] ATT&CK Project. "Network Sniffing (1040)". MITRE. <https://attack.mitre.org/wiki/Network_sniffing>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated ReferencesInternal
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Description Summary, Related_Attack_PatternsInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017