Acción de apoderarse ilegítimamente de una información, en claro o cifrada, transmitida por un canal.

Usualmente, se consigue captando las emisiones de radiofrecuencia del citado canal.

[Ribagorda:1997]

An attack in which an Attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the Claimant. [NIST-SP800-63:2013]

(I) Passive wiretapping done secretly, i.e., without the knowledge of the originator or the intended recipients of the communication. [RFC4949:2007]

Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.

http://www.sans.org/security-resources/glossary-of-terms/

(I) A type of threat action whereby an unauthorized entity directly accesses sensitive data while the data is traveling between authorized sources and destinations. (See: unauthorized disclosure.)

Usage: This type of threat action includes the following subtypes:

·         "Theft": Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data.

·         "Wiretapping (passive)": Monitoring and recording data that is flowing between two points in a communication system. (See: wiretapping.)

·         "Emanations analysis": Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but was not intended to communicate the data. (See: emanation.)

[RFC4949:2007]