12

I'm taking a coursera course, and they take pains when talking about network security to distinguish between eavesdropping and sniffing.

According to their definitions, sniffing involves reading or monitoring whole packets, whereas eavesdropping seems like it differs mostly by:

  1. finding incomplete packets rather than complete ones, and
  2. using Ettercap in addition to technologies like tcpdump and and wireshark.

Are these definitions standard? I'm not finding a lot of convergence elsewhere on the internet about these terms.

user3382203
  • 11
  • 10
fox
  • 243
  • 2
  • 6
  • Based on how you described it, they could be talking about the difference between *active* (intercepting traffic via a man-in-the-middle attack arp poison using ettercap) and *passive* monitoring which is whats seen incidentally like listening to a WiFi connection which you have the key for. If you would post an example of their definitions that may clear it up a bit more. – Daisetsu Oct 08 '18 at 03:38
  • They actually distinguish between active attacks that shape traffic vs. passive attacks that do things like observe data use and reuse cookies / credentials elsewhere. – fox Oct 08 '18 at 06:55

4 Answers4

21

Both are same kind of attacks. The difference is Eavesdropping could be in any form (Physical to logical), where the sniffing is more electronics/network related term.

Kay
  • 396
  • 2
  • 4
4

No, these definitions are not standard.

The difference as I've heard it in many cases is that sniffing is specific to actively intercepting communications, while eavesdropping can occur through a side channel or even unintentionally.

Metaphorically, sniffing is if you open my mail. Eavesdropping is when you listen in on me and Alice talking in the kitchen.

But I've yet to find a solid definition written down somewhere that is generally accepted.

Tom
  • 10,124
  • 18
  • 51
2

Eavesdropping vs. sniffing

According to their definitions, sniffing involves reading or monitoring whole packets, whereas eavesdropping seems like it differs mostly by 1. finding incomplete packets rather than complete ones, and 2. using Ettercap in addition to technologies like tcpdump and and wireshark.

Finding incomplete packets can be accomplished by hacking and scraping the memory, Ettercap Tcpdump and Wireshark are network analyzers that can sniff and analyze. Memory scraping can be accomplished by malware or hardware.

  • Eavesdropping literally means "hanging from the eave of a building so as to hear what is said within". While it can include wired and wireless interception it can also include placement of a microphone or physical proximity to overhear conversations.

    Direct wired connections to voice or data sources should operate losslessly but microphone interception of voice isn't guaranteed to be lossless, part of the communication may be missing.

    Use of a microphone provides a different source of information than packet sniffing, passwords or secret information might be disclosed to a microphone which are never sent by computer or communicated by phone line.

    Where an electronic device is used the information gathered can be retransmitted by wire or wirelessly, often in an encrypted burst to avoid detection.

  • Spying is done visually and may not involve eavesdropping, in the US the use of cameras without microphones isn't eavesdropping under US law. Takeover of TV, monitor and laptop webcams by malware is a legitimate concern but may not include the ability to packet sniff.

  • Packet sniffing, or sniffing, is interception of data packets by wire or air (wirelessly). It is a specific subset of eavesdropping which may include network analysis. It is usually lossless (all information is captured, possibly encrypted maybe not).

  • Surveillance is an all encompassing term covering all of the above and much more.

Rob
  • 530
  • 1
  • 3
  • 11
1

The difference is primarily intent.

Eavesdropping is the act of secretly listening to the conversation of another. An eavesdropper is always an adversary, not acting on the best interests of either party to the conversation.

Sniffing has no connotation of malicious or hostile intent. A network engineer may sniff traffic in order to determine if a router's rules are being implemented properly. A developer may sniff network traffic to determine if a protocol is properly implemented. A company may sniff the traffic of any of the computers on its network, concerned with protecting secrets, ensuring security, defeating malware, enforcing the law, or enforcing company policy (while this may be considered eavesdropping by the employee, when the network and computer equipment belongs to the company, and the company has informed the employees that their computer use is being monitored, the company is within its rights to defend itself.)

John Deters
  • 33,650
  • 3
  • 57
  • 110