Network Sniffing is a process of monitoring and capturing all data packets passing through a given network using sniffer tools.
It is a form of wiretap applied to computer networks.
Many enterprises switch ports are open.
Anyone in the same physical location can plug into the network using an Ethernet Cable.
How a Sniffer Works
Sniffer turns the NIC of a system to the promiscuous mode so that it listen to all the data transmitted on its segment.
A sniffer can constantly monitor all the network traffic to a computer through the NIC by decoding the information encapsulated in the data packet.
How Packet Analyzers Are Works:-
There’s a wide range of applications for packet sniffers. Most packet sniffers can be used inappropriately by one person and for legitimate reasons by another.
A program that captures passwords, for example, could be used by a hacker, but the same tool might be used by a network administrator to find network statistics like available bandwidth.
Network sniffing is also used to test firewall or web filters, and to troubleshoot client/server relationships.
Types of Network Sniffer
1, Active Sniffing
Active sniffers is used to sniff a switch-based network.
Active sniffers involves injecting address resolution packets (ARP) into the network to flood the switch Content Addressable Memory (CAM) table, CAM keeps track of which host is connected to which port.
Also Read: How to hack wifi using kali linux
2. Passive Sniffing
Passive Sniffer means sniffer through a hub, on a hub the traffic is sent to all ports.
It involves only monitoring of the packets sent by others without sending any additional data packets in the network traffic.
In a network that use hubs to connect systems, all hosts on the network can see all traffic therefore attacker can easily capture traffic going through the hub.
Hub usage is out-dated today. Most Modern networks use Switches.
You Also look For Why Ethical Hacking is Neccessary
Sniffing in the Data Link Layer of the OSI Model
Sniffers operate at the Data Link Layer of the OSI Model
Networking layers in the OSI Model are designed to work idenpendently of each other; if a sniffer sniff data in the Data Link Layer, the Upper OSI Layer will not be aware of the sniffing.
How An Attacker Hacks the Networks Using Sniffers
Protocols Vulnerable For Sniffing
Network Sniffer Tool: – Wireshark
Wireshark (formerly known as Ethereal) is widely recognized as the world’s most popular network sniffer. It’s a free, open source application that displays traffic data with color coding to indicate which protocol was used to transmit it.
On Ethernet networks, its user interface displays individual frames in a numbered list and highlights by separate colors whether they are sent through TCP, UDP, or other protocols.
Wireshark also groups message streams sent back and forth between a source and destination (which are intermixed over time with traffic from other conversations).
Wireshark supports traffic captures through a start/stop push button interface. The tool also contains filtering options that limit what data is displayed and included in captures. That’s a critical feature since most network traffic contains routine control messages that aren’t of interest.
Many different probing software applications have been developed over the years. Here are just a few examples:
- Cain And Abel
- Microsoft Message Analyzer
Issues with Network Sniffers
Sniffer tools offer a great way to learn how network protocols work. However, they also provide easy access to some private information such as network passwords. Check with the owners to get permission before using a sniffer on their network.
Network probes only intercept data from networks their host computer is attached to. On some connections, sniffers only capture the traffic addressed to that particular network interface. In any case, the most important thing to remember is that anyone looking to use a network sniffer to spy on traffic will have a difficult time doing so if that traffic is encrypted.