For decades, computer network administrators have used this type of technology for network monitoring, to conduct diagnostic tests and to repair problems. In short, packet sniffing is the method used to see all kinds of information as it passes over the network it is linked to, but how does a packet sniffer work?
A packet sniffer is a piece of software or hardware capable of monitoring all network traffic. It is able to capture all incoming and outgoing traffic, for example clear-text passwords, user names and other private or sensitive details.
A packet sniffer can be passive, and therefore undetectable, or active, in which case it can be detected by software designed for the purpose of protecting privacy. A packet sniffer can be run on non-switched and switched networks.
In the scheme of things, a computer usually only examines a packet of data that corresponds to the computer’s address, but with a packet sniffer you are able to set the network interface to ‘promiscuous mode’. In this case it examines ALL available information passing through it. The main domain server is a watchdog for all transmitted data.
As the data passes through the system it is copied and stored in memory or on a hard drive. The copies are then able to be studied and the information analyzed.
As soon as you connect to the internet, you ‘sign on’ to a network that is under the watch of your ISP. This network can communicate with other networks and in short forms the basis of the internet. If a packet sniffer is located at a server owned by your ISP, it has the potential to gain access to:
* The web sites visited.
* What is searched for on the site.
* Your e-mail recipients.
* The contents of your mail.
* Any files you download.
* A list of your audio, video and telephony options.
* A list of visitors to your website.
What is a Packet Sniffer Used For?
Packet sniffing programs are found in two forms and may be used legally or illegally. A commercial packet sniffer is used to assist in maintaining networks and an underground packet sniffer is one used by unscrupulous individuals to gain access to a remote host i.e. to hack into your system.
Packet sniffers can:
* Search for clear-text usernames and passwords from the network.
* Convert network traffic into human readable form.
* Analyze networks to detect bottlenecks.
* Detect network intruders.
How Does a Packet Sniffer Work?
A packet sniffer works by viewing every packet sent in the network. This includes packets not intended for itself. How does it do this?
Packet Sniffing methods
Three types of sniffing methods are used. Methods may work in non-switched networks or in switched networks.
These methods are:
IP-based sniffing, MAC-based sniffing, and ARP-based sniffing.
IP-based sniffing
IP-based sniffing is the original type of packet sniffing. It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. The IP address filtering isn’t switched on, so the sniffing program is able to capture all the packets. This method will only function in non-switched networks.
MAC-based sniffing
MAC-based sniffing works by putting the network card into promiscuous mode and sniffing all packets that match the MAC address filter.
ARP-based sniffing
ARP-based sniffing doesn’t put the network card into promiscuous mode because ARP packets are sent to its administrators. This is because the ARP protocol is stateless. This means that sniffing can be done on a switched network.
To use ARP-based sniffing you will need to ‘poison’ the ARP cache of the two hosts you intend to investigate, identifying yourself as the other host in the connection. As soon as the ARP caches are poisoned, the hosts connect, but instead of going directly to the other host the traffic is sent to the administrator, who then logs it and forwards it to the real host on the other side of the connection.
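Seen from the defending side, the cache poisoning described above leaves a trace on the wire: an IP address suddenly answers from a different MAC address, and one MAC address claims the IP addresses of both hosts. The following is an added example, not part of the original article, that parses ARP message bodies and flags both patterns. The function names, the sample frames and their addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

ARP = struct.Struct("!HHBBH6s4s6s4s")  # htype ptype hlen plen oper sha spa tha tpa

def parse_arp(body):
    """Return (sender_ip, sender_mac) from an Ethernet/IPv4 ARP body."""
    if len(body) < ARP.size:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = ARP.unpack(body[:ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return ".".join(map(str, spa)), sha.hex(":")

def find_poisoning(bodies):
    """Flag IPs whose MAC changes and MACs that claim more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for body in bodies:
        try:
            ip, mac = parse_arp(body)
        except ValueError:
            continue                      # ignore malformed frames
        if ip == "0.0.0.0":
            continue                      # ARP probe, carries no binding
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("ip-rebound", ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) == 2:     # report once, on the second IP
            alerts.append(("mac-claims-many", mac, *sorted(mac_to_ips[mac])))
    return alerts

def make_arp(op, mac, ip):
    """Build a constructed ARP body for the sample below (target fields zeroed)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(o) for o in ip.split("."))
    return ARP.pack(1, 0x0800, 6, 4, op, sha, spa, bytes(6), bytes(4))

# Constructed sample: two hosts announce themselves, then a third MAC
# claims both of their IP addresses (the pattern described above).
SAMPLE = [
    make_arp(2, "02:00:00:00:00:0a", "192.0.2.10"),
    make_arp(2, "02:00:00:00:00:0b", "192.0.2.20"),
    make_arp(2, "02:00:00:00:00:ee", "192.0.2.20"),
    make_arp(2, "02:00:00:00:00:ee", "192.0.2.10"),
]
```

Calling `find_poisoning(SAMPLE)` returns two `ip-rebound` alerts and one `mac-claims-many` alert. A DHCP reassignment or a router holding several addresses produces the same alerts, so each one is a lead to check against known address assignments rather than proof of sniffing.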
Who Uses a Packet Sniffer?
Packet sniffers are often used by ISPs as a diagnostic tool for their back-up systems, so it is in fact a well-utilized form of technology. Packet sniffing is also sometimes used to investigate the habits and actions of criminals, for example in the FBI’s Carnivore System.
As I am sure you will appreciate from the above, packet sniffers can be a useful, relatively harmless tool or a potentially dangerous invasion of privacy. Packet sniffers are a perfect example of how technology may be used to help or to harm. Thankfully there are anti-sniffing tools available on the market aimed at protecting computer users from their unscrupulous use.