What is a Packet Sniffer?
A packet sniffer is a program that records every network packet that travels past a given network interface on a given computer on a network. It can be used to troubleshoot network problems, as well as to extract sensitive information such as credentials from unencrypted login sessions.
Below are various statements gathered from the Internet:
A sniffer is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently.
A sniffer can also be used illegitimately to capture data being transmitted on a network. A network router reads every packet of data passed to it, determining whether it is intended for a destination within the router's own network or whether it should be passed further along the Internet. A router with a sniffer, however, may be able to read the data in the packet as well as the source and destination addresses.
The term "sniffer" is occasionally used for a program that analyzes data other than network traffic. For example, a database could be analyzed for certain kinds of duplication.
What a sniffer is and how it works
Unlike telephone circuits, computer networks are shared communication channels. It is simply too expensive to dedicate local loops to the switch (hub) for each pair of communicating computers. Sharing means that computers can receive information that was intended for other machines. Capturing the information going over the network is called sniffing.
The most popular way of connecting computers is through Ethernet. The Ethernet protocol works by sending packet information to all the hosts on the same circuit. The packet header contains the address of the destination machine. Only the machine with the matching address is supposed to accept the packet. A machine that accepts all packets, no matter what the packet header says, is said to be in promiscuous mode.
Because, in a normal networking environment, account and password information is passed along Ethernet in clear text, it is not hard for an intruder, once they obtain root, to put a machine into promiscuous mode and, by sniffing, compromise all the machines on the net.
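The following is an added example, not code from the page or any of the quoted sources, that models the address filter described above. It builds a few Ethernet II frames with constructed addresses and payloads, parses the 14-byte header, and shows which frames the network stack sees in normal mode (only frames addressed to the interface or to the broadcast address; multicast subscriptions are left out of the model) versus promiscuous mode (every frame on the segment).

```python
import struct

# Constructed sample values for this demonstration; not from the page.
OWN_MAC = bytes.fromhex("020000000001")      # the receiving NIC's own address
OTHER_MAC = bytes.fromhex("020000000002")    # some other host on the segment
SENDER_MAC = bytes.fromhex("020000000003")
BROADCAST = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def parse_ethernet(frame: bytes):
    """Split a raw Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]


def nic_accepts(dst: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """Model the NIC's destination-address filter.

    Normal mode passes only frames addressed to this interface or to the
    broadcast address (multicast group subscriptions are not modelled here).
    Promiscuous mode disables the filter and passes everything.
    """
    if promiscuous:
        return True
    return dst == own_mac or dst == BROADCAST


def mac_str(mac: bytes) -> str:
    """Render a 6-byte hardware address as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in mac)


def delivered_payloads(frames, own_mac: bytes, promiscuous: bool):
    """Return the payloads the host's network stack would actually receive."""
    seen = []
    for frame in frames:
        dst, _src, _ethertype, payload = parse_ethernet(frame)
        if nic_accepts(dst, own_mac, promiscuous):
            seen.append(payload)
    return seen


# Constructed traffic on a shared segment: one frame for this host, one for
# another host, and one broadcast (an ARP request).
SEGMENT_TRAFFIC = [
    build_frame(OWN_MAC, SENDER_MAC, ETHERTYPE_IPV4, b"frame addressed to this host"),
    build_frame(OTHER_MAC, SENDER_MAC, ETHERTYPE_IPV4, b"frame addressed to another host"),
    build_frame(BROADCAST, SENDER_MAC, ETHERTYPE_ARP, b"who-has 10.0.0.2"),
]

if __name__ == "__main__":
    for mode in (False, True):
        label = "promiscuous" if mode else "normal"
        seen = delivered_payloads(SEGMENT_TRAFFIC, OWN_MAC, mode)
        print(f"{label} mode: {len(seen)} of {len(SEGMENT_TRAFFIC)} frames reach the stack")
        for payload in seen:
            print("   ", payload.decode())
```

Run as a script it prints two frames for normal mode and all three for promiscuous mode, which is exactly the difference that lets a machine on a shared segment read traffic meant for its neighbours.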
A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.
On TCP/IP networks, where they sniff packets, they're often called packet sniffers.
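Sniffers on other hosts leave no trace on the wire, but the one thing an administrator can check is whether an interface on a host they control has been switched into promiscuous mode. The following is an added example, not code from the page or any quoted source; it parses the interface flag list printed by the Linux `ip link show` command (the sample output below is constructed, not captured from a real system) and reports interfaces whose flags include PROMISC.

```python
import re
import subprocess

# Matches the header line `ip link show` prints for each interface, e.g.
#   2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 ...
# The optional "@..." part covers names such as veth0@if5.
IFACE_LINE = re.compile(
    r"^\d+:\s+(?P<name>[^:@\s]+)(?:@\S+)?:\s+<(?P<flags>[^>]*)>",
    re.MULTILINE,
)


def promiscuous_interfaces(ip_link_output: str) -> list:
    """Return the names of interfaces whose flag list contains PROMISC."""
    found = []
    for match in IFACE_LINE.finditer(ip_link_output):
        flags = match.group("flags").split(",")
        if "PROMISC" in flags:
            found.append(match.group("name"))
    return found


def audit_local_host() -> list:
    """Run `ip link show` on this machine and report promiscuous interfaces."""
    result = subprocess.run(
        ["ip", "link", "show"], capture_output=True, text=True, check=True
    )
    return promiscuous_interfaces(result.stdout)


# Constructed sample output in iproute2's format (not from a real system);
# eth0 here has been put into promiscuous mode, eth1 has not.
SAMPLE_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

if __name__ == "__main__":
    print("sample output:", promiscuous_interfaces(SAMPLE_OUTPUT))
    try:
        print("this host:", audit_local_host())
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("could not run ip:", exc)
```

This only audits the host it runs on; a sniffer on any other machine on the segment is invisible to it. Some legitimate software (bridges, virtual switches, monitoring agents) also sets PROMISC, so a hit is a lead to investigate, not proof of a sniffer.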
The popularity of packet sniffing stems from the fact that it sees everything. Typical items sniffed include:
- SMTP, POP, IMAP traffic: allows an intruder to read the actual e-mail.
- POP, IMAP, HTTP Basic, Telnet authentication: reads passwords off the wire in clear text.
- SMB, NFS, FTP traffic: reads files off the wire.
- SQL database: reads financial transactions and credit card numbers.