Which technique enables MITM?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

Which technique enables MITM?

Explanation:
Man-in-the-middle on a local network is achieved by making traffic pass through the attacker’s device. ARP spoofing does this by poisoning ARP caches: an attacker sends forged ARP replies so that the victim and/or the gateway associate the attacker’s MAC address with the other device’s IP. As a result, traffic meant for the gateway (or the other host) is sent to the attacker, who can sniff or modify it before forwarding it on. While DNS spoofing can redirect a host to a malicious server and IP spoofing can impersonate another device, neither by itself reliably places the attacker in the middle of traffic on the LAN, and port scanning has no role in intercepting traffic. So the technique that directly enables MITM in this context is ARP spoofing.

