During a post-engagement briefing, a consultant is asked to clarify how passive sniffing differs from active sniffing on Ethernet networks. Which of the following statements accurately summarizes the distinction between the two techniques?
Passive sniffing depends on repeatedly flooding the CAM table to force a switch into a fail-open state, while active sniffing only operates on hubs and never modifies network traffic.
Passive sniffing silently monitors whatever traffic is already visible on the interface, whereas active sniffing injects packets (for example ARP spoofing or MAC flooding) to make a switch forward additional frames to the attacker.
Passive sniffing requires access to a switch mirror/SPAN port to obtain packets, whereas active sniffing merely puts the NIC in promiscuous mode on a hub-based network.
Passive sniffing is restricted to wireless media working in monitor mode, whereas active sniffing is used exclusively on wired Ethernet segments.
Passive sniffing simply places the network interface in promiscuous (or monitor) mode and captures frames that are already visible on that medium-typically on hubs, splitters, or within a wireless channel-without altering traffic flow. Active sniffing is required on switched Ethernet segments where unicast frames are not naturally forwarded to every port; the attacker must inject crafted packets such as ARP-poison replies, MAC-flood frames, or STP/BPDU floods to force the switch to copy or divert traffic through the sniffer. Options claiming that passive sniffing needs CAM-table flooding, SPANāports, or is limited to wireless networks misstate the concept, and the assertion that active sniffing "never alters network state" contradicts the very definition of an active technique.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ARP spoofing used for in active sniffing?
Open an interactive chat with Bash
Why is promiscuous mode important for passive sniffing?
Open an interactive chat with Bash
What is the function of CAM table flooding in active sniffing?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .