312-50V10 · Question #692
Which type of sniffing technique is generally referred as MiTM attack?
The correct answer is B. ARP Poisoning. ARP Poisoning is the sniffing technique classified as a Man-in-the-Middle attack because it redirects network traffic through the attacker's machine by corrupting ARP caches.
Question
Which type of sniffing technique is generally referred as MiTM attack?
Exhibit
Options
- APassword Sniffing
- BARP Poisoning
- CMac Flooding
- DDHCP Sniffing
How the community answered
(13 responses)- B85% (11)
- C8% (1)
- D8% (1)
Why each option
ARP Poisoning is the sniffing technique classified as a Man-in-the-Middle attack because it redirects network traffic through the attacker's machine by corrupting ARP caches.
Password sniffing is a passive capture technique that reads credentials from network traffic; it does not involve redirecting or intercepting traffic between two parties.
ARP Poisoning works by sending forged ARP reply packets that associate the attacker's MAC address with a victim's IP address, causing the local network to forward traffic intended for the victim to the attacker instead. This allows the attacker to intercept, read, and optionally forward packets - the defining characteristic of a MiTM attack. All other hosts on the segment update their ARP caches with the spoofed mapping, making the attack transparent to victims.
MAC flooding is an attack that overwhelms a switch's CAM table to cause broadcast behavior, enabling passive sniffing - it does not position the attacker between two communicating hosts.
DHCP sniffing refers to monitoring or rogue DHCP server attacks and does not describe the active traffic-redirection mechanism that defines a MiTM attack.
Concept tested: ARP poisoning as Man-in-the-Middle attack
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html
Topics
Community Discussion
No community discussion yet for this question.
