nerdexam
EC-Council

312-50V10 · Question #692

Which type of sniffing technique is generally referred as MiTM attack?

The correct answer is B. ARP Poisoning. ARP Poisoning is the sniffing technique classified as a Man-in-the-Middle attack because it redirects network traffic through the attacker's machine by corrupting ARP caches.

Sniffing

Question

Which type of sniffing technique is generally referred as MiTM attack?

Exhibit

312-50V10 question #692 exhibit

Options

  • APassword Sniffing
  • BARP Poisoning
  • CMac Flooding
  • DDHCP Sniffing

How the community answered

(13 responses)
  • B
    85% (11)
  • C
    8% (1)
  • D
    8% (1)

Why each option

ARP Poisoning is the sniffing technique classified as a Man-in-the-Middle attack because it redirects network traffic through the attacker's machine by corrupting ARP caches.

APassword Sniffing

Password sniffing is a passive capture technique that reads credentials from network traffic; it does not involve redirecting or intercepting traffic between two parties.

BARP PoisoningCorrect

ARP Poisoning works by sending forged ARP reply packets that associate the attacker's MAC address with a victim's IP address, causing the local network to forward traffic intended for the victim to the attacker instead. This allows the attacker to intercept, read, and optionally forward packets - the defining characteristic of a MiTM attack. All other hosts on the segment update their ARP caches with the spoofed mapping, making the attack transparent to victims.

CMac Flooding

MAC flooding is an attack that overwhelms a switch's CAM table to cause broadcast behavior, enabling passive sniffing - it does not position the attacker between two communicating hosts.

DDHCP Sniffing

DHCP sniffing refers to monitoring or rogue DHCP server attacks and does not describe the active traffic-redirection mechanism that defines a MiTM attack.

Concept tested: ARP poisoning as Man-in-the-Middle attack

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

Topics

#ARP poisoning#MiTM attack#sniffing techniques#network attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice