Threat actors may passively sniff network traffic to capture information about an environment, including authentication material passed over the network. Network sniffing refers to using the network interface on a system to monitor or capture information sent over a wired or wireless connection. Threat actors may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.