As the name suggests, eavesdropping is simply listening to communication traffic for the purpose of copying it. The copy can take the form of recording the data to a storage device or feeding it to an extraction program that dynamically tries to extract the primary content from the traffic stream. Once a copy of the traffic content is in the hands of a cracker, they can usually extract many forms of secret data, such as usernames, passwords, process procedures, and so on.
Eavesdropping usually requires physical access to the IT infrastructure, either to connect a physical recording device to an open port or cable splice or to install a software recording tool on the system. It is usually facilitated by network traffic capture or monitoring software or by a protocol analyzer (usually called a sniffer).
Eavesdropping devices and programs are normally hard to detect because they are used in passive attacks. When eavesdropping extends to changing or injecting communications, the attack is considered an active attack.
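One host-side check a defender can run for the software case, shown as an added example that is not part of the original text: list Linux interfaces whose promiscuous flag is set, a mode that capture tools commonly enable. It assumes Linux sysfs at `/sys/class/net`; the function names and the sample flag values are constructed for illustration.

```python
"""Flag Linux network interfaces that are in promiscuous mode (added example)."""
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface accepts frames not addressed to it

def read_flags(path):
    """Return the integer flag word from a sysfs 'flags' file, or None."""
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        return None  # entry is not an interface, vanished, or is unreadable

def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """List (name, is_up) for every interface with IFF_PROMISC set."""
    findings = []
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return findings  # not Linux, or sysfs not mounted
    for name in names:
        flags = read_flags(os.path.join(sysfs_root, name, "flags"))
        if flags is not None and flags & IFF_PROMISC:
            findings.append((name, bool(flags & IFF_UP)))
    return findings

def build_sample_tree(root):
    """Constructed sample data standing in for /sys/class/net."""
    sample = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103", "tap0": "0x1102"}
    for name, flags in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")

def demo():
    """Run the check against the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return promiscuous_interfaces(root)

if __name__ == "__main__":
    for name, is_up in demo():
        print(f"{name}: promiscuous mode set (up={is_up})")
```

A hit is a lead to investigate rather than proof, since bridges and virtualization hosts set the flag legitimately. A hardware tap or a capture that does not enable promiscuous mode leaves no trace here.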
The common threat of eavesdropping is one of the primary motivations to secure communications. It is easier to intercept data that is in transit than data that is in storage.