Packet sniffers are software programs or computer hardware that intercept and log the traffic of data passing over a network or a part of the network.
Data travels over the network in small units called packets. A packet sniffer captures each packet, then decodes and analyzes its content. How much of the traffic a single machine can see depends on the network structure: on a shared medium such as a hub or open Wi-Fi, every frame on the segment reaches every station, whereas on a switched network a port only receives its own unicast traffic plus broadcasts and multicasts, so seeing other hosts' traffic requires a mirror (SPAN) port, a tap, or an attack on the switch such as ARP spoofing.
Packet sniffers can be used not only by network administrators to legitimately analyze and monitor network traffic, but also by malicious users to capture sensitive information such as passwords or credit card numbers.
Packet sniffing software normally puts the network card into "promiscuous mode," meaning that the card passes every frame it receives up to the software instead of discarding frames that are not addressed to its own MAC address or to the broadcast address. Promiscuous mode is also what makes a sniffing host detectable, since the host now reacts to frames it should have ignored.
Packet sniffers are versatile and can be used for the following operations:
- Analyze network problems
- Detect network intrusion attempts
- Gain information for effecting a network intrusion
- Monitor network usage
- Gather and report network statistics
- Filter suspect content from network traffic
- Spy on other network users and collect sensitive information such as passwords
- Debug client/server communications
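The decode-and-analyze step described above, as an added example that is not part of the original article: a minimal sniffer back end that walks Ethernet, IPv4 and TCP headers, applies a port filter, and flags credentials sent in the clear (FTP USER/PASS lines, HTTP Basic authorization). Capturing real frames needs a raw socket and root, so the capture is replaced by constructed frames; the addresses, ports, and credentials in them are made up for the example.

```python
"""Toy sniffer back end: decode Ethernet/IPv4/TCP frames and flag cleartext credentials.

Added example, not code from the original article. Frames are constructed below
instead of captured, so the decoding and analysis run offline.
"""
import base64
import binascii
import struct
from dataclasses import dataclass
from socket import inet_aton
from typing import List, Optional, Tuple

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# Services that carry passwords in the clear and are therefore sniffable.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: bytes


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode(frame: bytes) -> Optional[Packet]:
    """Walk Ethernet -> IPv4 -> TCP. Returns None for non-TCP/IPv4 or truncated frames."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != PROTO_TCP or ihl < 20 or len(ip) < total_len or total_len < ihl + 20:
        return None
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    if data_off < 20 or len(tcp) < data_off:
        return None
    return Packet(mac_str(src), mac_str(dst), ip_str(ip[12:16]), ip_str(ip[16:20]),
                  sport, dport, tcp[data_off:])


def find_credentials(pkt: Packet) -> List[str]:
    """Look for passwords in a cleartext payload; returns human-readable findings."""
    found = []
    for line in pkt.payload.decode("latin-1").split("\r\n"):
        if line[:5].upper() in ("USER ", "PASS "):            # FTP/POP3 style login
            found.append(f"{CLEARTEXT_PORTS.get(pkt.dst_port, 'unknown')} {line.strip()}")
        if line.lower().startswith("authorization: basic "):  # HTTP Basic is only base64
            try:
                found.append("HTTP Basic " + base64.b64decode(line.split(None, 2)[2], validate=True).decode("latin-1"))
            except (binascii.Error, ValueError):
                pass
    return found


def summarize(pkt: Packet) -> str:
    return f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} ({len(pkt.payload)} bytes)"


def analyze(frames: List[bytes], port: Optional[int] = None) -> List[Tuple[str, List[str]]]:
    """Sniffer loop over captured frames with an optional 'tcp port N' style filter."""
    results = []
    for frame in frames:
        pkt = decode(frame)
        if pkt is None or (port is not None and port not in (pkt.src_port, pkt.dst_port)):
            continue
        results.append((summarize(pkt), find_credentials(pkt)))
    return results


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test frame (checksums left zero; the decoder does not verify them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, PROTO_TCP, 0,
                     inet_aton(src_ip), inet_aton(dst_ip))
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


# Constructed sample capture: an FTP login, an HTTP request with Basic auth, one TLS
# record (opaque to the sniffer) and a runt frame that must be skipped.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.20", 40123, 21, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 40123, 21, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "192.0.2.10", 40124, 80,
                b"GET / HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 40125, 443, bytes.fromhex("1703030020") + bytes(32)),
    b"\x00" * 10,
]

if __name__ == "__main__":
    for summary, creds in analyze(SAMPLE_FRAMES):
        print(summary, creds)
```

Note what the encrypted frame shows: the sniffer still learns who talked to whom, on which port, and how much was sent; only the payload is unreadable. That is the limit of encryption as a defence against sniffing.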
Protective Measures
Practices
- Use encryption. The best defence against sniffing is to encrypt the traffic. Encryption does not stop a sniffer from capturing packets, but what it captures is ciphertext. Note what it does not hide: source and destination addresses, ports, packet sizes and timing remain visible, so encryption protects the content of a conversation, not the fact that it took place.
- Switch to SSH (Secure Shell) in place of telnet, rlogin and FTP, which send passwords in the clear. SSH is fast becoming the standard method of connecting to a Unix/Linux machine; a commercial version is available from SSH Communications Security, and an open source implementation of SSH is also available.
- Use https instead of http, if the site supports it.
- If you are concerned about the privacy of your email, try Hushmail or Pretty Good Privacy (PGP). Hushmail uses SSL to protect your mail in transit between you and its servers, whereas PGP encrypts and signs the message itself, so it stays protected end to end and a sniffer anywhere on the path sees only ciphertext.
- Use instant messenger (IM) programs that encrypt their traffic. Programs such as Trillian and Jabber also support communication over secure socket layer (SSL), which protects the connection to the server and defeats a sniffer on your own network segment. The common IM programs (Yahoo, MSN, AOL, ICQ Messengers) have yet to support end-to-end encryption.
Tools
- Anonymizers. The main purpose of these tools is to hide your IP address from the Web sites you visit, so that it cannot be recorded and later used to target your computer. They address tracking by the remote site rather than sniffing on your own network, since traffic between you and the anonymizer is still visible to a local sniffer unless it is encrypted.
- Anti-sniff software. This software monitors a network and tries to detect computers whose network card is in promiscuous mode, typically by sending probes that only a promiscuous host would process (for example, an ARP request inside a frame addressed to a MAC address no host owns) and watching for a reply. Such tests only work against hosts on the same segment; a sniffer attached to a tap or mirror port is purely passive and cannot be detected this way. On the hosts you administer, the promiscuous flag on the interface can also be checked locally.
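An added example, not code from the original article, tying together the promiscuous-mode point above and the anti-sniff check: it builds the classic ARP probe (a who-has for the suspect's IP inside an Ethernet frame whose destination MAC belongs to no host), models the NIC's hardware destination filter on the receiving side, and adds the local check of the Linux interface flag word. The NIC filter and the responding host's ARP handling are simulated so the example runs offline; actually sending the probe requires a raw socket (root) on the same broadcast domain. The MAC and IP addresses are made up, and the model assumes a host whose ARP stack does not re-check the link-layer destination; many current kernels do check, so a host that does not answer is not proven clean.

```python
"""Anti-sniff check: a promiscuous NIC accepts frames addressed to nobody.

Added example, not from the original article. The ARP probe is built for
real; the receiving NIC's destination filter and the host's ARP reply are
simulated so the logic can be exercised without root or a network.
"""
import struct
from socket import inet_aton
from typing import Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
BROADCAST = b"\xff" * 6
IFF_PROMISC = 0x100                   # Linux interface flag bit for promiscuous mode
# Constructed addresses. The bogus destination is unicast (group bit clear) and,
# by assumption, owned by no host on the segment.
BOGUS_DST_MAC = "02:ab:cd:00:00:01"
PROBER_MAC, PROBER_IP = "02:ab:cd:00:00:02", "10.0.0.9"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp_probe(target_ip: str, dst_mac: str = BOGUS_DST_MAC,
                    src_mac: str = PROBER_MAC, src_ip: str = PROBER_IP) -> bytes:
    """ARP who-has for target_ip, wrapped in a frame addressed to dst_mac (42 bytes)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                      mac_bytes(src_mac), inet_aton(src_ip), bytes(6), inet_aton(target_ip))
    return eth + arp


def nic_accepts(frame: bytes, own_mac: str, promiscuous: bool) -> bool:
    """Simulated hardware filter: normal mode keeps own unicast, broadcast and multicast only."""
    if promiscuous:
        return True
    dst = frame[:6]
    return dst == mac_bytes(own_mac) or dst == BROADCAST or bool(dst[0] & 1)


def kernel_arp_reply(frame: bytes, own_mac: str, own_ip: str) -> Optional[bytes]:
    """Simulated host: answers any who-has for its IP without re-checking the Ethernet destination."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])[4:]
    if oper != ARP_REQUEST or tpa != inet_aton(own_ip):
        return None
    eth = sha + mac_bytes(own_mac) + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                             mac_bytes(own_mac), inet_aton(own_ip), sha, spa)


def is_arp_reply(frame: bytes) -> bool:
    return len(frame) >= 42 and struct.unpack("!H", frame[20:22])[0] == ARP_REPLY


def probe_host(target_mac: str, target_ip: str, promiscuous: bool, dst_mac: str = BOGUS_DST_MAC) -> bool:
    """One simulated probe round trip. True means the host answered, i.e. it processed a frame
    that was not addressed to it, which is the signature of a sniffer."""
    probe = build_arp_probe(target_ip, dst_mac=dst_mac)
    if not nic_accepts(probe, target_mac, promiscuous):
        return False
    reply = kernel_arp_reply(probe, target_mac, target_ip)
    return reply is not None and is_arp_reply(reply)


def is_promiscuous(flags: int) -> bool:
    """Local check: test the IFF_PROMISC bit of an interface flag word."""
    return bool(flags & IFF_PROMISC)


def interface_is_promiscuous(ifname: str) -> bool:
    """Linux only: /sys/class/net/<if>/flags holds the flag word as a hex string."""
    with open(f"/sys/class/net/{ifname}/flags") as f:
        return is_promiscuous(int(f.read().strip(), 16))


if __name__ == "__main__":
    for mode in (False, True):
        print("promiscuous" if mode else "normal", "host answered:",
              probe_host("aa:bb:cc:dd:ee:01", "10.0.0.20", promiscuous=mode))
```

Use the control case as well: the same who-has addressed to the target's real MAC is answered in either mode, so a host that answers the real probe but not the bogus one is behaving normally, while one that answers both is accepting frames it should have dropped.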