What is Network Sniffing?
Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data packets flowing over computer networks. A sniffer can be a hardware device, a separate software program, or a combination of both. It is also called packet sniffing, snoop, network probe, packet analyzer, network analyzer, or protocol analyzer. Basically, it examines traffic on the network and takes snapshot copies of the packet data.
Network sniffing is used for ethical as well as unethical purposes. Network administrators use these as network monitoring and analyser tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cyber criminals use these as hacking tools to sniff, intercept, and steal private information such as user identities, passwords, login credentials, card details, emails, instant messages, data, and also for spoofing data.
Why is it called a Packet Sniffer?
The Packet Sniffer is a tool used by network administrators to sniff each of the “packets” of data travelling over the network, in order to determine the health of the network and diagnose network-related issues. Hence, this tool is called a Packet Sniffer. Cyber criminals/hackers use these tools for spying on and stealing data from the network traffic.
Types of Packet Sniffers
There are many types of packet sniffers; the prominent ones are:
- ARP Sniffers: In ARP sniffing, the network traffic is not sent to the hosts, but it is sent to the ARP cache of both network hosts, which is then forwarded to the network administrator. ARP Sniffers sniff the data when it is in the ARP cache. The ARP sniffer is popular among hackers, as the data captured in the cache allows them to create a map of the IP addresses and their associated MAC addresses. This map allows the hackers to conduct packet-spoofing attacks, search for router-based vulnerabilities and ARP poisoning attacks.
- IP Sniffers: IP Sniffers sniff all the data that corresponds with a specific IP address filter. This allows capturing of specific data packets for analysis and diagnosis. This method is also popular among hackers, who use it for stealing data and also for stealing the TCP session. They also use this to create fake TCP sessions, act as a man-in-the-middle and unleash MitM attacks.
- MAC sniffers: MAC sniffers sniff all the data that corresponds with a specific MAC address filter.
- LAN sniffers: These are deployed on internal LANs and they have the capability to scan the complete IP
- Protocol sniffers: These are used to sniff data that are related to the network protocols that are used on
- Web password sniffers: Hackers steal HTTP sessions and parse them to acquire login credentials, user IDs and passwords. While many websites protect their external-facing webpages/websites with SSL, they do not use SSL, or use less secure encryption, for their internal webpages. Hackers can exploit this vulnerability.
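The ARP bullet above notes that a map of IP addresses to MAC addresses is what makes ARP poisoning possible; the same map, kept by a defender, is how poisoning is detected. The following is an added example, not code from the original page: it parses ARP frames and reports whenever a known IP address appears with a different MAC address. The function names and the sample frames are constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet frame carrying an ARP reply (opcode 2)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    sip = bytes(int(o) for o in sender_ip.split("."))
    tip = bytes(int(o) for o in target_ip.split("."))
    eth = tmac + smac + struct.pack("!H", 0x0806)      # dst, src, EtherType = ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)    # Ethernet/IPv4, reply
    return eth + arp + smac + sip + tmac + tip

def parse_arp(frame):
    """Return (sender_ip, sender_mac) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _ip(frame[28:32]), _mac(frame[22:28])

def watch_arp(frames):
    """Track IP-to-MAC bindings; report each time an IP shows up with a new MAC."""
    table, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue                      # not ARP, ignore
        ip, mac = parsed
        if ip in table and table[ip] != mac:
            alerts.append((index, ip, table[ip], mac))
        table[ip] = mac
    return table, alerts

# Constructed sample traffic: frame 2 re-binds the gateway IP to a different MAC.
HOST = ("aa:bb:cc:00:00:20", "192.168.1.20")
SAMPLE_FRAMES = [
    build_arp_reply("00:11:22:33:44:55", "192.168.1.1", *HOST),
    build_arp_reply(*HOST, "00:11:22:33:44:55", "192.168.1.1"),
    build_arp_reply("de:ad:be:ef:00:01", "192.168.1.1", *HOST),
    b"\x00" * 60,                          # non-ARP frame, skipped
]
```

A changed binding is not always an attack (a replaced network card produces the same alert), so each alert is a prompt to check the device, not a verdict.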
How is Packet Sniffing or a Network Sniffer Used by Hackers?
Basically, hackers use Packet Sniffing or Network Sniffers for spying on network user traffic and collecting passwords. They use sniffers to eavesdrop on unencrypted data in the data packets to view the information that travels between two entities: a client and a server, a user and a web server, or two organizations. Hackers also use the captured packets for packet injection attacks, man-in-the-middle attacks and also for playing back the data in replay attacks.
How does Network Sniffing Work?
All networks use “packets” to send data. A data file may be very large, and sending it as a single packet would strain the network and cause congestion. The integrity of the data may also be affected. Hence, whenever a user sends a file or an email, it is broken up into smaller parts, or packets, and then sent to the destination. Each data packet includes:
- Destination address
- Number of packets
- Reassembly order
- Source address
Once the data packet gets to its destination, all the footers and headers are removed, and the data is reconstituted. Every network and computer has a filter that discards any packets that aren’t addressed to it.
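The fields and the address filter described above, as an added example that is not part of the original page. It models them with the IPv4 header: source and destination address, an identification value shared by all fragments of one message, a fragment offset that gives the reassembly order, and a "more fragments" flag. The `promiscuous` parameter, the function names and the sample packets are constructed assumptions; the flag stands for a capture interface that does not apply the destination filter.

```python
import socket
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options

def build_fragment(src, dst, ident, offset, more, payload):
    """Build a constructed IPv4 fragment (checksum left as 0 for brevity)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)   # MF flag + offset in 8-byte units
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def parse_fragment(packet):
    """Extract the addressing and reassembly fields from the header."""
    (ver_ihl, _, total_len, ident, flags_frag,
     _, _, _, src, dst) = struct.unpack(IPV4_HEADER, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "id": ident,
            "offset": (flags_frag & 0x1FFF) * 8, "more": bool(flags_frag & 0x2000),
            "data": packet[header_len:total_len]}

def receive(packets, my_ip, promiscuous=False):
    """Filter by destination, then reassemble; returns {(src, dst, id): payload}."""
    pending = {}
    for raw in packets:
        p = parse_fragment(raw)
        if p["dst"] != my_ip and not promiscuous:
            continue                       # normal host: not addressed to us, discard
        pending.setdefault((p["src"], p["dst"], p["id"]), []).append(p)
    complete = {}
    for key, frags in pending.items():
        frags.sort(key=lambda f: f["offset"])          # reassembly order
        expected = 0
        for f in frags:
            if f["offset"] != expected:
                break                      # gap: a fragment is missing
            expected += len(f["data"])
        else:
            if not frags[-1]["more"]:      # last fragment seen, nothing missing
                complete[key] = b"".join(f["data"] for f in frags)
    return complete

# Constructed capture: three fragments arriving out of order, plus one packet for another host.
CAPTURE = [
    build_fragment("10.0.0.2", "10.0.0.5", 7, 16, False, b"ut of order"),
    build_fragment("10.0.0.3", "10.0.0.9", 1, 0, False, b"for another host"),
    build_fragment("10.0.0.2", "10.0.0.5", 7, 0, True, b"packets "),
    build_fragment("10.0.0.2", "10.0.0.5", 7, 8, True, b"arrive o"),
]
```

With the filter in place, host 10.0.0.5 reassembles only its own message; with `promiscuous=True` the packet for 10.0.0.9 is visible as well, which is why unencrypted traffic on a shared segment should be treated as readable by every attached host.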
In network sniffing, packet sniffers intercept and log the network traffic through the packet sniffing software. Based on the capability of the software, a packet sniffer may be able to access traffic on the complete network or just a part of the network.
The packet sniffing software then analyses the captured traffic and converts it into a user-friendly form. This enables the hacker to function as a man in the middle and access the details of the communication between two parties/organizations. Unencrypted data is very vulnerable, and hackers can gain access to passwords, authentication tokens and other credentials. Hackers use the captured packets for man-in-the-middle and packet injection attacks.
Network sniffing, like SSL sniffing, is widely used by hackers, but it can also be used for network troubleshooting. Our product includes this and other security options to ensure the safety of your information, so contact us today to learn more.