Network Sniffing (T1040)

Technique & Subtechniques

  • Network Sniffing

Associated Tactics

  • Credential Access
  • Discovery

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Procedure Examples

Description | Source(s)
Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022. | AWS Traffic Mirroring
Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. Retrieved July 13, 2022. | capture_embedded_packet_on_software
Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022. | GCP Packet Mirroring
Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022. | SpecterOps AWS Traffic Mirroring
Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022. | Azure Virtual Network TAP
Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022. | Rhino Security Labs AWS VPC Traffic Mirroring
US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020. | US-CERT-TA18-106A