When you transfer data to someone, it is broken down into small units called data packets. These data packets travel along the network path and reach the receiver in their original form. During this process, much like eavesdropping on a conversation, the data packets may be intercepted by a third party. This is called Packet Sniffing.
Packet sniffing has many legitimate uses. Network engineers can use it to diagnose and troubleshoot network problems or to gather statistics about the performance of a given network. With the right privileges, it also gives them a detailed view of how devices connected to a network are communicating with each other, and so is invaluable when it comes to setting up strong security and encryption protocols in corporate environments.
However, Packet Sniffing also has less innocent uses. Because the technique is such a powerful way of accessing network traffic, including sensitive and confidential data, it has also become part of the hacker’s standard toolkit.
Packet sniffers, also known as packet analyzers, are the tools used to perform packet sniffing. There are two types of packet sniffer: filtered and unfiltered. A filtered sniffer collects only specific data packets and leaves out the rest, while an unfiltered sniffer collects all the data packets.
With the help of a packet analyzer, an attacker can (potentially) read all of the information being passed across a network. This includes the contents of emails, passwords, and potentially even financial information. Doing this requires that an attacker has the right privileges, of course, but these can often be obtained using a variety of other hacking tools, such as a man-in-the-middle attack.
A hardware packet sniffer is designed to be plugged into a network and analyze it. It comes in handy when trying to examine the traffic of a specific network segment, and it can ensure that no packets are lost to causes like filtering and routing. Ideally, a hardware packet analyzer stores the collected packets or forwards them on to a collector that logs the data for further examination.
Software packet sniffers are more common these days as they are open source. It is possible for any network interface attached to a network to receive every piece of network traffic that flows by. However, most are not configured to do so. A software packet sniffer configures the network interface so that it passes all network traffic.
This configuration is what is known as promiscuous mode, at least for most network adapters. Once a network interface is in promiscuous mode, a packet sniffer functions to separate, reassemble and log all software packets that pass the interface. That traffic is then logged and used according to the packet sniffing requirements of the software.
A typical sniffing tool will be able to intercept:
On a wired network, how much of this data can be collected depends on the structure of the network. Typically, it would take multiple packet sniffers to capture data on an entire network and since only the network traffic received by the network adapter is stored, traffic that exists on the other side of routers may not be visible.
On wireless networks, a Packet Sniffer typically only has access to one channel at a time. In order to capture data on multiple network segments, or multiple wireless channels, a packet sniffer is needed on each segment of the network.
If you want to detect that a third party on your network is using a sniffer tool, check out a tool called Antisniff.
Alternatively, use encryption such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security). These protocols encrypt the information, making it hard for the sniffer to analyze the data. Note, however, that these network security protocols do not prevent the tool from seeing the source and destination of the traffic, so it can still monitor the network.
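To make the caveat above concrete, the following added example (not from the original article) parses a single frame the way a capture tool would and returns what is readable without any keys. The frame is constructed sample data using documentation addresses, with zeroed checksums and filler bytes standing in for ciphertext; the function names are hypothetical.

```python
import socket
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def build_sample_frame():
    """Constructed frame: Ethernet + IPv4 + TCP + one TLS record (checksums zeroed)."""
    body = bytes(range(32))  # filler standing in for encrypted application data
    tls = struct.pack("!BHH", 23, 0x0303, len(body)) + body
    tcp = struct.pack("!HHIIBBHHH", 51514, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(tls), 0, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    return eth + ip + tcp + tls


def visible_metadata(frame):
    """Return the fields a passive observer can read from one frame."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # not IPv4
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    ip = frame[14:14 + ihl]
    if ip[9] != 6:
        return None  # not TCP
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]    # skip the TCP header
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload_len": len(payload)}
    # The TLS record header itself is sent in the clear; only the body is encrypted.
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3:
        rtype, _version, rlen = struct.unpack("!BHH", payload[:5])
        info["tls_record"] = TLS_TYPES[rtype]
        info["tls_record_len"] = rlen
    return info


if __name__ == "__main__":
    print(visible_metadata(build_sample_frame()))
```

The addresses, ports, record type and sizes are all recovered, while the record body stays opaque, which is why encrypted traffic can still be profiled by who talks to whom, when, and how much.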
A Virtual Private Network (VPN) works in a similar way. VPNs work by creating an encrypted ‘tunnel’ between your computer network and the websites you visit. The best VPNs use military-grade encryption protocols that ensure that no-one, not even the government, can read the packets you send and receive.
Ideally, Government Agencies use Packet Sniffing to ensure data security, track an organisation's data or monitor internet traffic.
Businesses and Advertising Agencies may resort to Packet Sniffing as a way of making their advertisements available to more people surfing the internet, analyzing their behaviors and altering their tastes and preferences.
Your ISP tracks your online activity to see if you are trying to access any malicious content or using up more bandwidth than what you have paid for.
Yes. You can use a network analyzer like Ping or Antisniff. The tool will send a packet to the target device. In a normal state, the system will respond to the ping packets. Some systems, however, may not respond due to certain security protocols and will show you a message like “request timed out”.
There are two types of packet sniffing, active and passive. Passive sniffing is used by network administrators to send traffic to different ports and monitor packets sent by others.
Tcpdump is the original packet sniffer which was launched in 1987. The software has evolved since its invention but remains largely unchanged. Currently, the most popular Packet Sniffer is Wireshark, which was previously known as Ethereal.
It is legal to sniff the packets of a network you own. However, packet sniffing is deemed illegal when it comes to networks you do not own. If you’re thinking about using a Packet Sniffer on a public network, the best advice is not to, although it depends on the laws that prevail in your home country.
Technically speaking, it is possible to capture information regarding access points within range using wifi sniffing tools.
In the vast majority of countries, using a VPN is perfectly legal, and even recommended if you are working with critical or sensitive information. That being said, if you are traveling it is worth checking if the country you are in allows you to use your VPN: it is better to be safe than sorry.