Bucaro TecHelp
What is a Network Sniffer Used For?

Sniffer is another word for network analyzer. A network analyzer decodes the data packets of common protocols and displays the network traffic in a readable format.

When used by malicious individuals, sniffers can represent a significant threat to the security of a network. Network intruders use sniffing to capture confidential information, and the terms sniffing and eavesdropping are often associated with this practice.

Using a sniffer in an illegitimate way is considered a passive attack, because it does not directly interface or connect to any other systems on the network. A sniffer can also be installed as part of the compromise of a computer on a network using an active attack. The passive nature of sniffers is what makes detecting them difficult.

Intruders use sniffers on networks for:

o Capturing cleartext usernames and passwords
o Discovering the usage patterns of users on a network
o Compromising proprietary information
o Capturing and replaying Voice over IP (VoIP) telephone conversations
o Mapping the layout of a network
o Passive OS fingerprinting

The above are all illegal uses of a sniffer unless you are a penetration tester whose job is to find and report these types of weaknesses.

For sniffing to occur, an intruder must first gain access to the communication cable of the systems of interest, which means being on the same shared network segment or tapping into the cable somewhere along the communications path. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff network traffic, including:

o Breaking into a target computer and installing remotely controlled sniffing software.
o Breaking into a communications access point (e.g. Internet Service Provider) and installing sniffing software.
o Locating a system at the Internet Service Provider that has sniffing software installed.
o Using social engineering to gain physical access to an Internet Service Provider in order to install a packet sniffer.
o Having an inside accomplice at the target computer organization or the Internet Service Provider install the sniffer.
o Redirecting or copying communications to take a path that includes the intruder's computer.

Sniffing programs are included with most rootkits that are typically installed on compromised systems. Rootkits are used to cover the tracks of an intruder by replacing commands and utilities and clearing log entries. Intruders also install other programs such as sniffers, key loggers, and backdoor access software.

Intruders often use sniffing programs that are configured to detect specific things (e.g. passwords), and then electronically send them to the intruder (or store them for later retrieval by the intruder).

Intruders may also use sniffer programs to control back doors. One method is to install a sniffer on a target system that listens for specific information and then sends the backdoor control information to a neighboring system. This type of backdoor control is hard to detect because of the passive nature of sniffers.
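Because a sniffer transmits nothing, looking for one usually starts on the host itself. The following is an added example, not code from the original article: a Linux-only check that reads the kernel's interface flags and its table of open packet sockets directly. The function names and default paths are this example's own choices.

```python
#!/usr/bin/env python3
"""Added example: host-side signs of packet capture on Linux."""
from pathlib import Path

IFF_PROMISC = 0x100   # interface flag bit from <linux/if.h>
ETH_P_ALL = 0x0003    # packet socket that receives every protocol

def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Names of interfaces whose kernel flags include IFF_PROMISC."""
    found = []
    for entry in sorted(Path(sysfs_net).iterdir()):
        try:
            flags = int((entry / "flags").read_text().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface entry, or unreadable
        if flags & IFF_PROMISC:
            found.append(entry.name)
    return found

def packet_sockets(proc_file="/proc/net/packet"):
    """One dict per open AF_PACKET socket listed by the kernel."""
    rows = []
    for line in Path(proc_file).read_text().splitlines()[1:]:  # skip header
        f = line.split()
        if len(f) < 9:
            continue
        try:
            rows.append({"proto": int(f[3], 16), "ifindex": int(f[4]),
                         "uid": int(f[7]), "inode": int(f[8])})
        except ValueError:
            continue  # malformed row
    return rows

def all_protocol_sockets(rows):
    """Sockets bound to ETH_P_ALL, the binding a capture tool uses.
    Some legitimate services hold packet sockets too, so review each hit."""
    return [r for r in rows if r["proto"] == ETH_P_ALL]

if __name__ == "__main__":
    try:
        print("promiscuous interfaces:", promiscuous_interfaces())
        for r in all_protocol_sockets(packet_sockets()):
            print("packet socket: ifindex=%(ifindex)d uid=%(uid)d "
                  "inode=%(inode)d" % r)
    except OSError as exc:
        print("not a Linux host, or files unreadable:", exc)
```

Reading these kernel files directly avoids relying on utilities that a rootkit may have replaced, but a rootkit that tampers with the kernel itself can still hide a sniffer from this check.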

Wireshark and Ethereal Network Protocol Analyzer Toolkit


Wireshark and Ethereal Network Protocol Analyzer Toolkit provides complete information and step-by-step instructions for using the open source Ethereal network analyzer software. Readers will learn to install Ethereal in multiple environments, including Windows, Unix and Mac OS X, and to build Ethereal from source, and will also be guided through Ethereal's graphical user interface.

Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268