
What is Network Sniffing?

Network sniffing is the use of sniffer tools to monitor and analyze, in real time, the data packets flowing over a computer network. A sniffer can be a hardware device, a separate software program, or a combination of both. It is also called packet sniffing, a snoop, network probe, packet analyzer, network analyzer, or protocol analyzer. It examines traffic on the network and takes snapshot copies of the packet data.

Network sniffing is used for ethical as well as unethical purposes. Network administrators use sniffers as network monitoring and analysis tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cyber criminals use them as hacking tools to sniff, intercept, and steal private information such as user identities, passwords, login credentials, card details, emails, instant messages, and other data, and also for spoofing data.

Why is it called a Packet Sniffer?

A packet sniffer is a tool used by network administrators to sniff each of the “packets” of data travelling over the network, in order to determine the health of the network and diagnose network-related issues. Hence the name packet sniffer. Cyber criminals and hackers use these tools for spying on network traffic and stealing data from it.

Types of Packet Sniffers

There are many types of packet sniffers. The prominent ones are:

  • ARP sniffers: In ARP sniffing, the network traffic is not sent to the hosts; it is sent to the ARP cache of both network hosts and is then forwarded to the network administrator. ARP sniffers sniff the data while it is in the ARP cache. The ARP sniffer is popular among hackers, as the data captured in the cache allows them to create a map of the IP addresses and their associated MAC addresses. This map allows the hackers to conduct packet-spoofing and ARP poisoning attacks and to search for router-based vulnerabilities.

  • IP sniffers: IP sniffers sniff all the data that matches a specific IP address filter. This allows specific data packets to be captured for analysis and diagnosis. This method is also popular among hackers, who use it for stealing data and for stealing TCP sessions. They also use it to create fake TCP sessions, act as a man-in-the-middle and launch MitM attacks.

  • MAC sniffers: MAC sniffers sniff all the data that matches a specific MAC address filter.

  • LAN sniffers: These are deployed on internal LANs and can scan the complete IP range.

  • Protocol sniffers: These are used to sniff data related to the network protocols in use on the network.

  • Web password sniffers: Hackers steal HTTP sessions and parse them to acquire login credentials, user IDs and passwords. While many websites protect their external-facing webpages with SSL, they do not use SSL, or use less secure encryption, for their internal webpages. Hackers can exploit this weakness.
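
The IP-to-MAC map described under ARP sniffers is also what a defender watches to spot ARP poisoning. The following is an added example, not part of the original page: it parses Ethernet/IPv4 ARP frames and reports when an IP address is later claimed by a different MAC. The addresses and frames are constructed sample data, and `ArpWatch` is a hypothetical name.

```python
import struct
from ipaddress import IPv4Address

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (sender_ip, sender_mac, eth_src) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return str(IPv4Address(spa)), mac_str(sha), mac_str(frame[6:12])

class ArpWatch:
    """Hypothetical monitor: remembers the first MAC seen per IP, reports contradictions."""
    def __init__(self):
        self.table = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] == "0.0.0.0":     # skip non-ARP frames and ARP probes
            return []
        ip, mac, eth_src = parsed
        alerts = []
        if mac != eth_src:                               # ARP payload disagrees with the frame header
            alerts.append(f"{ip}: ARP sender {mac} does not match frame source {eth_src}")
        known = self.table.setdefault(ip, mac)           # first-seen mapping is kept as the baseline
        if known != mac:
            alerts.append(f"{ip}: was {known}, now claimed by {mac}")
        return alerts

# Constructed ARP replies sent to host 02:00:00:00:00:10, all claiming to be 192.168.1.1.
TEMPLATE = "020000000010{src}08060001080006040002{sha}c0a80101020000000010c0a8010a"

def sample(src, sha):
    return bytes.fromhex(TEMPLATE.format(src=src, sha=sha))

SAMPLE_FRAMES = [
    sample("020000000001", "020000000001"),   # gateway announces itself
    sample("020000000001", "020000000001"),   # repeat, nothing changed
    sample("020000000066", "020000000066"),   # a different MAC claims the same IP
]

def run_samples():
    watch = ArpWatch()
    return [a for frame in SAMPLE_FRAMES for a in watch.observe(frame)]
```

A mapping change is not always hostile (a replaced network card or a failover address produces one too), so alerts like this are normally compared against known inventory before acting.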


How is Packet Sniffing or a Network Sniffer used by Hackers?

Hackers use packet sniffing or network sniffers for spying on network user traffic and collecting passwords. They use sniffers to eavesdrop on unencrypted data in the data packets and view the information that travels between two entities: client and server, user and web server, or two organizations. Hackers also use the captured packets for packet injection attacks, man-in-the-middle attacks, and for playing back the data in replay attacks.

How does Network Sniffing Work?

All networks use “packets” to send data. A data file may be very large, and sending it as a single packet would strain the network and cause congestion. The integrity of the data may also be affected. Hence, whenever a user sends a file or an email, it is broken up into smaller parts, or packets, and then sent to the destination. Each data packet includes:

  • Destination address
  • Number of packets
  • Reassembly order
  • Source address

Once the data packet gets to its destination, all the footers and headers are removed, and the data is reconstituted. Every network and computer has a filter that discards any packets that aren’t addressed to it.
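
The packet fields and the receive filter described above, shown as an added example that is not part of the original page. It uses IPv4 fragmentation as the concrete case (identification, more-fragments flag and fragment offset carry the reassembly information) and models the address filter, including the promiscuous mode a sniffer relies on. All addresses and frames are constructed, and the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

BROADCAST = b"\xff" * 6

def nic_accepts(frame, own_mac, promiscuous=False):
    """Receive filter: keep frames for our MAC, broadcast or multicast.
    Promiscuous mode, which a sniffer enables, keeps every frame."""
    dst = frame[:6]
    return promiscuous or dst in (own_mac, BROADCAST) or bool(dst[0] & 1)

def parse_ipv4_frame(frame):
    """Strip the Ethernet and IPv4 headers; return addresses, fragment info, payload."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, _proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "ident": ident,                               # shared by all fragments of one datagram
        "more_fragments": bool(flags_frag & 0x2000),  # MF flag: more pieces follow
        "offset": (flags_frag & 0x1FFF) * 8,          # byte position used for reassembly
        "payload": frame[14 + header_len:14 + total_len],
    }

def reassemble(frames):
    """Order fragments by offset and join the payloads (checksums are not verified)."""
    parts = sorted((parse_ipv4_frame(f) for f in frames), key=lambda p: p["offset"])
    if parts[-1]["more_fragments"] or len({p["ident"] for p in parts}) != 1:
        raise ValueError("incomplete or mixed fragments")
    data = b""
    for p in parts:
        if p["offset"] != len(data):
            raise ValueError("gap or overlap between fragments")
        data += p["payload"]
    return data

# Constructed sample: host A sends one datagram to host B as two fragments; C is a bystander.
HOST_A, HOST_B, HOST_C = (bytes.fromhex("0200000000" + n) for n in ("0a", "0b", "0c"))

def make_fragment(offset, more, payload):
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag, 64,
                     253, 0, IPv4Address("192.0.2.10").packed, IPv4Address("192.0.2.20").packed)
    return HOST_B + HOST_A + b"\x08\x00" + ip + payload   # protocol 253 = experimental

FRAGMENTS = [make_fragment(16, False, b"ment 2"), make_fragment(0, True, b"fragment 1, frag")]
```

The fragments are listed out of order on purpose: `reassemble(FRAGMENTS)` restores the original bytes from the offsets, and `nic_accepts` shows that host C only sees the frame when promiscuous mode is on.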

In network sniffing, packet sniffers intercept and log the network traffic through the packet sniffing software. Depending on the capability of the software, a packet sniffer may be able to access traffic on the complete network or on just a part of it.

The packet sniffing software then analyses the captured traffic and converts it into a user-friendly form. This enables the hacker to function as a man in the middle and access the details of the communication between two parties or organizations. Unencrypted data is very vulnerable, and hackers can gain access to passwords, authentication tokens and other credentials. Hackers use the captured packets for man-in-the-middle and packet injection attacks.

Network sniffing, like SSL sniffing, is widely used by hackers, but it can also be used for network troubleshooting. Our product includes this and other security options to ensure the safety of your information, so contact us today to learn more.