Sniffing and spoofing are security threats that target the lower layers of the networking infrastructure supporting applications that use the Internet. Users do not interact directly with these lower layers and are typically completelyunaware that they exist. Without a deliber-ate consideration of these threats, it is impossible to build effective security into the higher levels.
Sniffing is a passive security attack in which a machine separate from the intended destination reads data on a network. The term “sniffing” comes from the notion of “sniffing the ether” in an Ethernet network and is a bad pun on the two meanings of the word “ether.” Passive security attacks are those that do not alter the normal flow of data on a communication link or inject data into the link.