How does packet sniffing work?


A trending subject in the security world is encryption. Encryption is used to prevent packet-sniffing (also known as packet capturing or packet analyzing) attacks. Sniffing occurs when an unauthorized third party captures network packets destined for machines other than their own. Packet sniffing enables the attacker to look at transmitted content and may disclose passwords and secret data.

To sniff traffic, a hacker must have a network card that supports promiscuous mode and the specific packet driver software for it, must be connected to the network segment they want to sniff, and must use sniffer software. By default, a network interface card (NIC) in a machine drops any traffic not destined for it. Once the NIC is placed in promiscuous mode, it sees every packet passing by it on the network wire. For a sniffer to capture traffic, it must be physically positioned to receive it. On switched networks, where each network drop is its own collision domain, packet sniffing by attackers is more complex, but not impossible.

Packet-sniffing attacks are more common in areas where several machine hosts share the same collision domain (such as a local LAN shared over an Ethernet hub) or over the Internet, where the attacker might insert a sniffer between the source and destination of the traffic. For example, on a LAN, a user with limited privileges may sniff traffic originating from an administrative account, hoping to capture the password.

There are many open source sniffing tools, including tcpdump (or WinDump, the Windows version) and the easier-to-use Ethereal (www.ethereal.com).


Eslam Medhat is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
