What is a Packet Sniffer and How Does It Work?

A packet sniffer is a tool used by network administrators to monitor the data being transmitted over a network. Packet sniffers are used for network management and network security, but they can also be used by unauthorized users to steal information from a network. Hackers often use packet sniffers because they are very difficult to detect and can be installed in almost any location on the network.

How a Packet Sniffer Works

A packet sniffer can view a wide variety of information transmitted over the network, as well as over the networks linked to it. Packet sniffers exist as software or hardware. They can capture both inbound and outbound network traffic and monitor user names, passwords, and other sensitive information. A packet sniffer lets you set the network interface to view all of the information transmitted over the network. As data passes through the system, it is captured and stored in memory so that it can be analyzed.

The packet sniffer gets its name from normal computer usage, in which an individual computer inspects only the packets of data that match its own address. A packet sniffer, by contrast, can examine the data from all of the computers connected to the network by viewing every packet sent over it. A packet sniffer that has been installed on the network is capable of examining all of your email contacts, email messages, downloaded files, Web sites you visited, and all of your audio and video activity.

Why Packet Sniffers Are Used

Packet sniffers are used for both legal and illegal activity. A legal packet sniffer is a commercial device used to assist with network management and maintenance and to provide network security. It is also used as a diagnostic tool for network backup systems and to examine the network system for any security breaches.

An illegal packet sniffer is used by a hacker to gain unauthorized access to sensitive information and data on a network. An illegal packet sniffer is installed without the knowledge of the IT administrator and hides in different areas of the network for the purpose of spying on and stealing the information packets that pass over the network.

Types of Packet Sniffing

There are basically three types of packet sniffing:

  • ARP Sniffing: ARP sniffing involves information packets that are sent to the administrator through the ARP cache of both network hosts. Instead of sending the network traffic to both hosts, it forwards the traffic directly to the administrator.
  • IP Sniffing: IP sniffing works through the network card by sniffing all of the information packets that correspond with the IP address filter. This allows the sniffer to capture all of the information packets for analysis and examination.
  • MAC Sniffing: MAC sniffing also works through a network card which allows the device to sniff all of the information packets that correspond with the MAC address filter.
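
To make the IP and MAC address filters described above concrete, here is an added example (not part of the original article) that decodes already-captured Ethernet frames and applies each filter. The frames, MAC addresses and IP addresses are constructed sample data, and the function names are illustrative.

```python
import ipaddress
import struct

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode the Ethernet header and, for IPv4 frames, the two IP addresses."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src),
            "src_ip": None, "dst_ip": None}
    if ethertype == 0x0800:  # IPv4 payload
        ip = frame[14:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            raise ValueError("truncated or malformed IPv4 header")
        info["src_ip"] = str(ipaddress.IPv4Address(ip[12:16]))
        info["dst_ip"] = str(ipaddress.IPv4Address(ip[16:20]))
    return info

def filter_frames(frames, mac=None, ip=None):
    """Return indexes of frames passing the MAC and/or IP address filter.
    With no filter set, every frame is kept."""
    kept = []
    for i, frame in enumerate(frames):
        info = parse_frame(frame)
        if mac and mac.lower() not in (info["src_mac"], info["dst_mac"]):
            continue
        if ip and ip not in (info["src_ip"], info["dst_ip"]):
            continue
        kept.append(i)
    return kept

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Construct a sample Ethernet + IPv4 frame (header only, checksum 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ipaddress.IPv4Address(src_ip).packed,
                             ipaddress.IPv4Address(dst_ip).packed)

# Constructed sample traffic: two IPv4 frames and one ARP broadcast (zeroed body).
FRAMES = [
    build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", "192.0.2.10", "192.0.2.20"),
    build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", "192.0.2.20", "192.0.2.30"),
    bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28),
]

if __name__ == "__main__":
    print("MAC filter:", filter_frames(FRAMES, mac="02:00:00:00:00:01"))
    print("IP filter: ", filter_frames(FRAMES, ip="192.0.2.20"))
```

The ARP broadcast passes the MAC filter but never the IP filter, because it carries no IPv4 header; this is why the two filter types see different subsets of the same traffic.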
Spyware has many ways of getting onto your computer, such as:

When you download programs - particularly freeware, or peer-to-peer sharing programs.

More covertly, spyware can install itself just by you visiting certain sites, by prompting you to download an application to see the site properly.

ActiveX controls. These pesky spyware makers will prompt you to install them while you are using your Internet browser.