Sniffing Attacks
Attack Pattern ID: 157 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.

+ Attack Prerequisites

Any target that transmits readable data could be attacked in this way. Cryptographic techniques that render a data-stream unreadable can thwart this type of attack.

+ Resources Required

The attacker must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the attacker may require special equipment and/or require that this equipment be placed in specific locations.

+ Related Weaknesses
CWE-IDWeakness NameWeakness Relationship Type
311Missing Encryption of Sensitive DataTargeted
+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern117Data Interception Attacks 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern158Sniffing Information Sent Over Public/multicast Networks 
Mechanism of Attack (primary)1000