312-50V13 · Question #161
Which type of sniffing technique is generally referred as MiTM attack?
The correct answer is B. ARP Poisoning. ARP poisoning is a network-level attack that manipulates Address Resolution Protocol caches to redirect traffic through an attacker, effectively enabling a Man-in-the-Middle (MiTM) scenario.
Question
Exhibit
Options
- APassword Sniffing
- BARP Poisoning
- CMac Flooding
- DDHCP Sniffing
How the community answered
(19 responses)- A5% (1)
- B95% (18)
Why each option
ARP poisoning is a network-level attack that manipulates Address Resolution Protocol caches to redirect traffic through an attacker, effectively enabling a Man-in-the-Middle (MiTM) scenario.
Password sniffing is the act of capturing passwords from network traffic, which is a *result* or objective of a sniffing attack, rather than the underlying technique that enables a MiTM attack.
ARP poisoning involves sending forged ARP messages to a local area network to associate the attacker's MAC address with the IP address of another host, such as the default gateway. This redirection of traffic through the attacker's machine allows them to intercept, read, or modify communications between two legitimate parties without their knowledge, which is the definition of a Man-in-the-Middle (MiTM) attack.
MAC flooding overwhelms a switch's CAM table, causing it to broadcast all traffic to all ports (acting as a hub), which facilitates sniffing but is a distinct technique from ARP poisoning and is not itself generally referred to as a MiTM attack.
DHCP sniffing involves monitoring or manipulating DHCP traffic for network reconnaissance or configuration changes, but it is not the primary mechanism used to reroute general network traffic through an attacker in a MiTM scenario.
Concept tested: ARP poisoning as MiTM attack
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swipsnoo.html
Topics
Community Discussion
No community discussion yet for this question.
