Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

What is a Network Sniffer Used For?

Sniffer is another word for network analyzer. A network analyzer decodes the data packets of common protocols and displays the network traffic in a readable format.

When used by malicious individuals, sniffers can represent a significant threat to the security of a network. Network intruders use sniffing to capture confidential information, and the terms sniffing and eavesdropping are often associated with this practice.

Using a sniffer in an illegitimate way is considered a passive attack, because it does not directly interface or connect to any other systems on the network. A sniffer can also be installed as part of the compromise of a computer on a network using an active attack. The passive nature of sniffers is what makes detecting them difficult.

Intruders use sniffers on networks for:

Capturing cleartext usernames and passwords
Discovering the usage patterns of users on a network
Compromising proprietary information
Capturing and replaying Voice over IP (VoIP) telephone conversations
Mapping the layout of a network
Passive OS fingerprinting

The above are all illegal uses of a sniffer unless you are a penetration tester whose job is to find and report these types of weaknesses.

For sniffing to occur, an intruder must first gain access to the communication cable of the systems of interest, which means being on the same shared network segment or tapping into the cable somewhere between the communications path. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff networking traffic including:

Breaking into a target computer and installing remotely controlled sniffing software.
Breaking into a communications access point (e.g. Internet Service Provider) and installing sniffing software.
Locating a system at the Internet Service Provider that has sniffing software installed.
Using social engineering to gain physical access to an Internet Service Provider in order to install a packet sniffer.
Having an inside accomplice at the target computer organization or the Internet Service Provider install the sniffer.
Redirecting or copying communications to take a path that includes the intruder's computer.

Sniffing programs are included with most rootkits that are typically installed on compromised systems. Rootkits are used to cover the tracks of an intruder by replacing commands and utilities and clearing log entries. Intruders also install other programs such as sniffers, key loggers, and backdoor access software.

Intruders often use sniffing programs that are configured to detect specific things (e.g. passwords), and then electronically send them to the intruder (or store them for later retrieval by the intruder).

Intruders may also use sniffer programs to control back doors. One method is to install a sniffer on a target system that listens for specific information and then sends the backdoor control information to a neighboring system. This type of backdoor control is hard to detect because of the passive nature of sniffers.

Wireshark and Ethereal Network Protocol Analyzer Toolkit

Click here for more information.

Wireshark and Ethereal Network Protocol Analyzer Toolkit provides complete information and step-by-step instructions for using the open source Ethereal network analyzer software. Readers will then learn to install Ethereal in multiple environments including Windows, Unix and Mac OS X as well as building Ethereal from source and will also be guided through Ethereal's graphical user interface.

More Networking Basics:
• Network Cabling For Beginners
• Turning Your Home into a Wi-Fi Network
• Degree verses Computer Certifications
• Synchronous, Asynchronous, Isochronous. What Does it Mean?
• Network+ Certification Exam Tutorial - DHCP And RARP
• What is DNS?
• What is IPv6 Anycast Routing?
• Introduction To IP Addressing and Networking
• Wireshark and Ethereal Network Protocol Analyzer Toolkit
• Network+ Certification Exam Tutorial - How And When To Use Virtual LANs (VLANs)
Menu - More
Networking Basics

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro



Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2019 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268