What is a Network Sniffer Used For?

Sniffer is another word for network analyzer. A network analyzer decodes the data packets of common protocols and displays the network traffic in a readable format.

When used by malicious individuals, sniffers can represent a significant threat to the security of a network. Network intruders use sniffing to capture confidential information, and the terms sniffing and eavesdropping are often associated with this practice.

Using a sniffer in an illegitimate way is considered a passive attack, because it does not directly interface or connect to any other systems on the network. A sniffer can also be installed as part of the compromise of a computer on a network using an active attack. The passive nature of sniffers is what makes detecting them difficult.

Intruders use sniffers on networks for:

• Capturing cleartext usernames and passwords
• Discovering the usage patterns of users on a network
• Compromising proprietary information
• Capturing and replaying Voice over IP (VoIP) telephone conversations
• Mapping the layout of a network
• Passive OS fingerprinting

The above are all illegal uses of a sniffer unless you are a penetration tester whose job is to find and report these types of weaknesses.

For sniffing to occur, an intruder must first gain access to the communication cable of the systems of interest, which means being on the same shared network segment or tapping into the cable somewhere along the communications path. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff network traffic, including:

• Breaking into a target computer and installing remotely controlled sniffing software.
• Breaking into a communications access point (e.g. Internet Service Provider) and installing sniffing software.
• Locating a system at the Internet Service Provider that has sniffing software installed.
• Using social engineering to gain physical access to an Internet Service Provider in order to install a packet sniffer.
• Having an inside accomplice at the target computer organization or the Internet Service Provider install the sniffer.
• Redirecting or copying communications to take a path that includes the intruder's computer.

Sniffing programs are included with most rootkits that are typically installed on compromised systems. Rootkits are used to cover the tracks of an intruder by replacing commands and utilities and clearing log entries. Intruders also install other programs such as sniffers, key loggers, and backdoor access software.

Intruders often use sniffing programs that are configured to detect specific things (e.g. passwords), and then electronically send them to the intruder (or store them for later retrieval by the intruder).

Intruders may also use sniffer programs to control back doors. One method is to install a sniffer on a target system that listens for specific information and then sends the backdoor control information to a neighboring system. This type of backdoor control is hard to detect because of the passive nature of sniffers.
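Because a sniffer installed on a compromised host is passive on the wire, one host-side check a defender can run is to look for network interfaces in promiscuous mode. The following is an added example, not part of the original article: it assumes a Linux host, where each interface's flags are exposed as a hex value in /sys/class/net/<iface>/flags, and the function names and sample interface values are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # Linux interface flag: accept frames not addressed to this host

def parse_flags(text):
    """Parse the hex string found in /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)

def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Return sorted (iface, flags) pairs for interfaces with IFF_PROMISC set."""
    hits = []
    for iface in sorted(os.listdir(sysfs_root)):
        path = os.path.join(sysfs_root, iface, "flags")
        try:
            with open(path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # not an interface entry, or flags unreadable
        if flags & IFF_PROMISC:
            hits.append((iface, flags))
    return hits

def build_sample_tree(root):
    """Constructed sample data: a fake sysfs tree with three interfaces."""
    sample = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003"}
    for iface, flags in sample.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root

def demo():
    """Run the check against the constructed tree so it works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        return promiscuous_interfaces(build_sample_tree(tmp))

if __name__ == "__main__":
    for iface, flags in demo():
        print(f"sample {iface}: promiscuous (flags={flags:#x})")
    # On a real Linux host, also report the live interfaces.
    if os.path.isdir("/sys/class/net"):
        for iface, flags in promiscuous_interfaces():
            print(f"live {iface}: promiscuous (flags={flags:#x})")
```

A hit is a lead to investigate, not proof: bridges, virtual machine hosts, and legitimate capture tools also enable promiscuous mode. A clean result from a host that may carry a rootkit cannot be trusted, since rootkits replace the utilities used to inspect the system.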
