CAPEC-158: Sniffing Network Traffic

In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.

Medium

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-158 (Sniffing Network Traffic) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-158: Sniffing Network Traffic

Overview

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-158?

How do you prevent CAPEC-158?

What weaknesses does CAPEC-158 target?

How severe is CAPEC-158?

References

Defend against CAPEC-158

Overview

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-158?

How do you prevent CAPEC-158?

What weaknesses does CAPEC-158 target?

How severe is CAPEC-158?

References

Defend against CAPEC-158