What is a Packet Sniffer and How Does It Work?

A packet sniffer is a tool that network administrators use to monitor the data being transmitted over a network. Packet sniffers are used for network management and network security, but unauthorized users can also use them to steal information from a network. Hackers often use packet sniffers because they are very difficult to detect and can be installed in almost any location on the network.

How a Packet Sniffer Works

A packet sniffer can view a wide variety of information that is being transmitted over the network it is attached to, as well as over any network linked to it. Packet sniffers exist as software or hardware. They can capture both inbound and outbound network traffic and monitor user names, password use, and other sensitive information. A packet sniffer allows you to set the network interface to view all of the information that is transmitted over the network. As the data passes through the system, it is captured and stored in memory so that it can be analyzed.

The packet sniffer gets its name by contrast with normal computer usage, in which an individual computer inspects only the packets of data that match its own address. A packet sniffer, however, can examine the data from all of the computers connected to the network by viewing every packet that is sent over the network. A packet sniffer that has been installed on the network is capable of examining all of your email contacts, email messages, downloaded files, Web sites you visited, and all of your audio and video activity.

Why Packet Sniffers Are Used

Packet sniffers are used for both legal and illegal activity. A legal packet sniffer is a commercial device used to assist with network management and maintenance and to provide network security. It is also used as a diagnostic tool for network backup systems and to examine the network system for any security breaches.

An illegal packet sniffer is used by a hacker to gain unauthorized access to sensitive information and data on a network. An illegal packet sniffer is installed without the knowledge of the IT administrator and hides in different areas of the network for the purpose of spying on and stealing the information packets that pass over the network.

Types of Packet Sniffing

There are basically three types of packet sniffing:

  • ARP Sniffing: ARP sniffing involves information packets that are sent to the administrator through the ARP cache of both network hosts. Instead of sending the network traffic to both hosts, it forwards the traffic directly to the administrator.
  • IP Sniffing: IP sniffing works through the network card by sniffing all of the information packets that correspond with the IP address filter. This allows the sniffer to capture all of the information packets for analysis and examination.
  • MAC Sniffing: MAC sniffing also works through a network card which allows the device to sniff all of the information packets that correspond with the MAC address filter.
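
The difference between normal address matching and sniffing, and the MAC and IP address filters listed above, shown as an added example that is not part of the original article. It works only on frames constructed inline; the host addresses, function names and the simplification that a normal interface accepts just its own and broadcast frames are assumptions of the example.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b""):
    """Build a constructed Ethernet II + IPv4 frame (sample data, checksum 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    addrs = bytes(int(o) for o in (src_ip + "." + dst_ip).split("."))
    ip_hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0)
    return eth + ip_hdr + addrs + payload

def _mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_frame(frame):
    """Decode the address fields a sniffer filters on; None if truncated."""
    if len(frame) < 14:
        return None
    info = {"dst_mac": _mac(frame[0:6]), "src_mac": _mac(frame[6:12]),
            "src_ip": None, "dst_ip": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800 and len(frame) >= 34 and frame[14] >> 4 == 4:
        info["src_ip"] = ".".join(map(str, frame[26:30]))
        info["dst_ip"] = ".".join(map(str, frame[30:34]))
    return info

def visible(frames, own_mac, promiscuous):
    """Normal mode keeps own + broadcast frames; a sniffer keeps every frame."""
    parsed = [p for p in map(parse_frame, frames) if p]
    if promiscuous:
        return parsed
    return [p for p in parsed if p["dst_mac"] in (own_mac, BROADCAST)]

def mac_filter(parsed, addr):
    """MAC address filter: frames sent from or to addr."""
    return [p for p in parsed if addr in (p["src_mac"], p["dst_mac"])]

def ip_filter(parsed, addr):
    """IP address filter: packets sent from or to addr."""
    return [p for p in parsed if addr in (p["src_ip"], p["dst_ip"])]

# Constructed hosts on one shared segment (documentation addresses, assumed).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
FRAMES = [
    build_frame(B, A, "192.0.2.10", "192.0.2.11", b"mail"),
    build_frame(A, B, "192.0.2.11", "192.0.2.10", b"reply"),
    build_frame(C, A, "192.0.2.10", "192.0.2.12", b"ping"),
    build_frame(BROADCAST, B, "192.0.2.11", "192.0.2.255"),
    b"\x00" * 6,  # truncated frame, skipped by the parser
]
```

Host C sees two of these frames in normal operation and all four well-formed frames when its interface accepts everything, which is why traffic between A and B needs protection such as encryption even on a network the two hosts consider local.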

Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards or a person's entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

  • Never give out unnecessary personal information.
  • Never provide bank details or social security numbers over the Internet.
  • Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.