Sniffing: What Is It and How Does It Work?


  • What Is Sniffing and Packet Sniffing?

Packet sniffing, or packet analysis, is the process of capturing any data passed over the local network and looking for any information that may be useful (sniffing). Most of the time, system administrators use packet sniffing to troubleshoot network problems (like finding out why traffic is so slow in one part of the network) or to detect intrusions or compromised workstations (like a workstation that is connected to a remote machine on port 6667 continuously when you don't use IRC clients), and that is what this type of analysis was originally designed for. But that didn't stop people from finding more creative ways to use these tools. The focus quickly moved away from its original intent—so much so that packet sniffers are now considered security tools instead of network tools.

  • How do Packet Sniffers Work?

Packet sniffers work by intercepting and logging network traffic that they can 'see' via the wired or wireless network interface that the packet sniffing software has access to on its host computer.

On a wired network, what can be captured depends on the structure of the network. A packet sniffer might be able to see traffic on an entire network or only a certain segment of it, depending on how the network switches are configured, placed, etc. On wireless networks, packet sniffers can usually only capture one channel at a time unless the host computer has multiple wireless interfaces that allow for multichannel capture.

Once the raw packet data is captured, the packet sniffing software must analyze it and present it in human-readable form so that the person using the packet sniffing software can make sense of it. The person analyzing the data can view details of the 'conversation' happening between two or more nodes on the network.

Network technicians can use this information to determine where a fault lies, such as determining which device failed to respond to a network request.
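As an added illustration (not code from the original article), the sketch below decodes raw Ethernet/IPv4/TCP headers the way a sniffer does before display, then applies the intrusion check mentioned earlier: counting new connections to port 6667. The frames, addresses and the helper names decode, flag_watched and make_frame are constructed for this example.

```python
import socket
import struct
from collections import Counter

WATCHED_PORTS = {6667: "IRC"}  # assumption: the port the article uses as its example

def decode(frame: bytes):
    """Decode Ethernet II / IPv4 / TCP headers; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 20:
        return None                       # malformed, non-TCP, or truncated
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    flags = ip[ihl + 13]                  # TCP flags byte
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "syn": bool(flags & 0x02) and not flags & 0x10}

def flag_watched(frames):
    """Count new outbound connections (SYN without ACK) per (src, dst, service)."""
    hits = Counter()
    for f in frames:
        pkt = decode(f)
        if pkt and pkt["syn"] and pkt["dport"] in WATCHED_PORTS:
            hits[(pkt["src"], pkt["dst"], WATCHED_PORTS[pkt["dport"]])] += 1
    return hits

def make_frame(src, dst, sport, dport, flags=0x02):
    """Build a constructed sample frame (checksums left zero; not validated here)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

# Constructed sample capture: addresses come from documentation ranges.
SAMPLE = [
    make_frame("192.0.2.10", "198.51.100.5", 40001, 443),
    make_frame("192.0.2.23", "203.0.113.9", 40002, 6667),
    make_frame("192.0.2.23", "203.0.113.9", 40003, 6667),
    make_frame("203.0.113.9", "192.0.2.23", 6667, 40003, flags=0x12),  # SYN-ACK reply
    bytes(6) + bytes(6) + struct.pack("!H", 0x0806) + bytes(28),       # ARP, skipped
]

if __name__ == "__main__":
    for (src, dst, svc), n in flag_watched(SAMPLE).items():
        print(f"{src} -> {dst} {svc}: {n} new connection(s)")
```

Only the headers are read here; a repeated count for one workstation is the kind of signal the administrator use case above relies on.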

Hackers can use sniffers to eavesdrop on unencrypted data in the packets to see what information is being exchanged between two parties. They can also capture information such as passwords and authentication tokens (if they are sent in the clear). Hackers can also capture packets for later playback in replay, man-in-the-middle, and packet injection attacks that some systems may be vulnerable to.


  • Types of Packet Sniffing

There are basically three types of packet sniffing:

ARP Sniffing: ARP sniffing involves information packets that are sent to the administrator through the ARP cache of both network hosts. Instead of sending the network traffic to both hosts, it forwards the traffic directly to the administrator.
IP Sniffing: IP sniffing works through the network card by sniffing all of the information packets that correspond with the IP address filter. This allows the sniffer to capture all of the information packets for analysis and examination.
MAC Sniffing: MAC sniffing also works through a network card which allows the device to sniff all of the information packets that correspond with the MAC address filter.

  • How To Protect From Sniffing?

Use "https"-encrypted websites: Look up at the address bar of the website you're on now, and every time you're online. If you see an icon of a lock and https:// in the address bar, you're connected to a secure website. 

When that's the case, all your transmissions, back and forth, are encrypted and can't be read by a hacker. Even if he were to sniff out the data, it would be unreadable.

Use a VPN: A Virtual Private Network routes all your Internet activity through an encrypted network that a hacker can't invade and snoopers can't trace. This is the best way to be online in public, whether you're traveling, running a household, holed up in a hotel room on business, and more. Not only that, but a VPN also hides your actual IP address from anyone who might try to track it and trace it back to your computer.

To use a VPN, you first have to choose an online VPN provider and open an account. The better ones are the services you pay for. 
