What is a Packet Sniffer?

A packet sniffer can be software or a hardware device that is capable of intercepting or eavesdropping on the traffic on a system, on a particular segment of the network, or on the whole network, depending upon its placement.

The data can be captured and saved for later analysis and data mining activities.
The communication between systems occurs in the form of small segments of data called packets.

When one system wants to send a file to another system, a connection is initiated from the sender system to the receiver system through the transfer of packets.

The sender system will fragment the data that needs to be sent into packets of the size permitted by the network, and the receiving system will put together the incoming packets to reconstruct the data file.

All along the course of communication, i.e. connection establishment, data transfer and connection termination, the data travels in the form of packets.

During normal communications, systems only respond to or listen for packets that are destined for their hardware address. Packet sniffers disable this filter and put the network card in promiscuous mode. This mode allows the network card to capture all the traffic that comes across the Ethernet cable, and the packet sniffer stores it in files.

There are good and bad uses of packet sniffers. Hackers may use this tool to eavesdrop on the data that is flowing across the cabling system and construct meaningful data out of the captured packets.

In the case of HTTP, FTP, Telnet, SMTP and POP3 (if used without encryption), the data can be captured and completely reconstructed. This may reveal passwords, and malicious users are always looking for this kind of data.

The best way to avoid giving out any information through packet sniffing is to use encryption while communicating. Users can effectively use HTTPS, FTPS, ESMTP, POP3 with encryption, etc.

On the other hand, if we consider the good uses, packet sniffers can be used to monitor the bandwidth of the network, choke points in the network if any, the amount of network load on a particular system, etc. This allows administrators to get a clear picture of the health of the network and make modifications to the network if it is severely affected.

Most security tools today utilize packet sniffing techniques to capture packets as they move along the cabling systems. Common and well-known examples of software packet sniffers include Wireshark, Ethereal, etc.

