The CEH exam checks whether you understand the concept of a man-in-the-middle (MiTM) attack. It may also ask you to choose an example of MiTM or a tool that can perform such an attack.
A man-in-the-middle attack is a way to intercept communication between two systems. For instance, if you are trying to crack a router's login page (HTTP), the target is the TCP connection between the client (your browser) and the server (the router's login page).
While MiTM can be done in many forms, the CEH exam is likely to ask about ARP poisoning, DNS cache poisoning, and tools for the attack, in questions like these:
Q1. Which type of sniffing technique is generally referred to as a MiTM attack?
a. Password Sniffing
b. ARP Poisoning
c. MAC Flooding
d. DHCP Sniffing
Q2. Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server… (omitted) …What kind of attack is Susan carrying on?
A. A sniffing attack
B. A spoofing attack
C. A man in the middle attack
D. A denial of service attack
Q3. Eric has discovered a package of tools named Dsniff on the Internet…(omitted)…He was able to effectively intercept communications between the two entities and established credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?
C. ARP Proxy
D. Poisoning Attack
Q4. ARP poisoning is achieved in _____ steps
The attacker begins ARP poisoning by sending a malicious ARP "reply" (malicious because there was no previous "request") to your router, associating the attacker computer's MAC address with the target's IP address. - Step 1
At this point, the target's router thinks the attacker's computer is the target's computer (which is valid in the eyes of the router). Now the attacker sends a malicious ARP reply to the target's computer. - Step 2
At this point, the target's computer thinks the attacker's computer is the target's router, and all traffic will go through the attacker's computer.
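From the defender's side, both steps leave visible traces: a reply that answers no request, and an IP address that suddenly maps to a new MAC. The sketch below is an added example, not part of the original post; the event tuples, addresses and the function name `detect_arp_poisoning` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ARP events, not captured traffic:
# (time, op, sender_ip, sender_mac, target_ip)
EVENTS = [
    (1.0, "request", "192.168.1.10", "aa:aa:aa:aa:aa:10", "192.168.1.1"),
    (1.1, "reply",   "192.168.1.1",  "aa:aa:aa:aa:aa:01", "192.168.1.10"),
    # Step 1: reply sent to the router claiming the target's IP
    (5.0, "reply",   "192.168.1.10", "de:ad:be:ef:00:66", "192.168.1.1"),
    # Step 2: reply sent to the target claiming the router's IP
    (5.1, "reply",   "192.168.1.1",  "de:ad:be:ef:00:66", "192.168.1.10"),
]

def detect_arp_poisoning(events, request_window=2.0):
    """Return alerts as (time, kind, claimed_ip, sender_mac) tuples."""
    bindings = {}                # ip -> MAC first seen for that IP
    pending = {}                 # (asker_ip, asked_ip) -> request time
    mac_ips = defaultdict(set)   # mac -> set of IPs it has claimed
    alerts = []
    for ts, op, s_ip, s_mac, t_ip in sorted(events):
        if op == "request":
            pending[(s_ip, t_ip)] = ts
        elif op == "reply":
            # A genuine reply answers a recent request from t_ip for s_ip.
            asked = pending.pop((t_ip, s_ip), None)
            if asked is None or ts - asked > request_window:
                alerts.append((ts, "unsolicited_reply", s_ip, s_mac))
        # The IP-to-MAC binding should not change without explanation.
        if bindings.setdefault(s_ip, s_mac) != s_mac:
            alerts.append((ts, "binding_changed", s_ip, s_mac))
        # One MAC speaking for several IPs is typical of the relay position.
        mac_ips[s_mac].add(s_ip)
        if len(mac_ips[s_mac]) > 1:
            alerts.append((ts, "mac_claims_multiple_ips", s_ip, s_mac))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(EVENTS):
        print(alert)
```

Legitimate gratuitous ARP (for example after a failover or a NIC replacement) also raises `unsolicited_reply` or `binding_changed`, so the combination of all three alert kinds for one MAC is the stronger signal.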
Q5. Which type of sniffing technique is generally referred to as a MiTM attack?
A. Password Sniffing
B. ARP Poisoning
C. MAC Flooding
D. DHCP Sniffing
Tools such as PacketCreator, Ettercap, Dsniff, and Cain and Abel are useful for the attack.
We also have an ARP spoofing lab that shows you how MiTM works.