How does packet sniffing work?

A trending subject in the security world is encryption. Encryption is used to prevent packet-sniffing (also known as packet capturing or packet analyzing) attacks. Sniffing occurs when an unauthorized third party captures network packets destined for machines other than their own. Packet sniffing lets the attacker read the transmitted content, which may disclose passwords and secret data.

To sniff traffic, a hacker must have a network card that supports promiscuous mode and specific packet driver software, must be connected to the network segment they want to sniff, and must use sniffer software. By default, a network interface card (NIC) in a machine drops any traffic not destined for it. When the NIC is placed in promiscuous mode, it sees any packet passing by it on the network wire. For a sniffer to capture traffic, that traffic must physically reach it. On switched networks, where each network drop is its own collision domain, packet sniffing by attackers can be more complex, but not impossible.
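Because a sniffer depends on promiscuous mode, a defender can audit hosts for NICs that are in it. The following is an added example, not part of the original article: it assumes a Linux host, where `/sys/class/net/<iface>/flags` holds the interface flags in hex and `IFF_PROMISC` is bit `0x100`. The function names, the `expected` allowlist and the sample values are constructed for illustration.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in linux/if.h


def is_promiscuous(flags_text):
    """True if the IFF_PROMISC bit is set in a sysfs flags value such as '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(flags_by_iface, expected=()):
    """Return sorted interface names that are promiscuous and not on the allowlist.

    `expected` names interfaces where promiscuous mode is legitimate,
    for example bridge members or a dedicated IDS sensor port.
    """
    hits = []
    for name, text in flags_by_iface.items():
        if name in expected:
            continue
        try:
            if is_promiscuous(text):
                hits.append(name)
        except ValueError:
            continue  # unparseable flags value: nothing to report
    return sorted(hits)


def read_sysfs_flags(root="/sys/class/net"):
    """Collect {iface: flags_text} from a live Linux host; {} on other systems."""
    result = {}
    if not os.path.isdir(root):
        return result
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                result[name] = fh.read()
        except OSError:
            continue  # entries such as bonding_masters are not interfaces
    return result


# Constructed sample: only eth0 has the 0x100 bit set.
SAMPLE = {"lo": "0x9\n", "eth0": "0x1103\n", "eth1": "0x1003\n", "wlan0": "garbage"}

if __name__ == "__main__":
    print("sample:", promiscuous_interfaces(SAMPLE))
    print("this host:", promiscuous_interfaces(read_sysfs_flags()))
```

An interface reported here is not proof of an attack; it is a lead to reconcile against the tools and bridges that are supposed to be running on that host.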

Packet-sniffing attacks are more popular in areas where several machine hosts share the same collision domain (such as a LAN shared over an Ethernet hub) or over the Internet, where the attacker might insert a sniffer between the source and destination of the traffic. For example, on a LAN, a user with limited privileges may sniff traffic originating from an administrative account, hoping to get the password.

There are many open source sniffing tools, including tcpdump (or WinDump, the Windows version) and the easier-to-use Ethereal (www.ethereal.com).
