Saturday 24 September 2011

Sniffers - An Introduction



A sniffer is a piece of software that captures the traffic on a network. A sniffer can be a packet-capturing or frame-capturing tool. It intercepts traffic on the network and displays it in either a command-line or GUI format. Sniffers are available for several platforms in both commercial and open-source variations. Network Intrusion Detection Systems (NIDS) use sniffers to match packets against a rule-set designed to flag anything malicious or strange.
A hacker can use a sniffer to discover usernames, passwords, and other confidential information transmitted on the network. Several hacking attacks and various hacking tools require the use of a sniffer to obtain important information sent from the target system.

Any protocol that doesn’t encrypt data is susceptible to sniffing. Protocols such as HTTP, POP3, Simple Network Management Protocol (SNMP), and FTP are most commonly captured using a sniffer and viewed by a hacker to gather valuable information such as usernames and passwords.

There are two different types of sniffing:

  • Passive sniffing: involves listening and capturing traffic, and is useful in a network connected by hubs.
  • Active sniffing: involves launching an Address Resolution Protocol (ARP) spoofing or traffic-flooding attack against a switch in order to capture traffic.

As the names indicate, active sniffing is detectable but passive sniffing isn’t.
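Active sniffing is detectable because ARP spoofing leaves a trace: the same IP address is suddenly claimed by a different MAC address. The following sketch is an added example, not part of the original post; it parses raw Ethernet/ARP frames and flags such conflicts, and the addresses and the `build_arp_reply` helper are constructed test data.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def detect_arp_conflicts(frames):
    """Flag any IP address whose claimed MAC differs from the first one seen."""
    seen = {}      # ip -> first MAC observed for that ip
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        known = seen.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build the bytes of a sample ARP reply (constructed test data only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

# Constructed sample: gateway 192.168.1.1 is announced by one MAC,
# then a second MAC claims the same IP address.
SAMPLE = [
    build_arp_reply("aa:aa:aa:aa:aa:01", "192.168.1.1", "aa:aa:aa:aa:aa:10", "192.168.1.10"),
    build_arp_reply("aa:aa:aa:aa:aa:10", "192.168.1.10", "aa:aa:aa:aa:aa:01", "192.168.1.1"),
    build_arp_reply("aa:aa:aa:aa:aa:66", "192.168.1.1", "aa:aa:aa:aa:aa:10", "192.168.1.10"),
]

if __name__ == "__main__":
    for ip, old, new in detect_arp_conflicts(SAMPLE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```

A MAC change can also be legitimate (a replaced network card, a DHCP lease handed to a new device), so an alert like this is a prompt to investigate rather than proof of spoofing.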

How Can Users Protect Themselves?
These are some methods to protect against sniffing.

  • Anti-Sniffing Tools
  • Switched Networks
  • Encryption





Some Popular Sniffers

  • Tcpdump: An established sniffer available for many platforms
  • Ethereal: A powerful sniffer with a GUI and additional utilities for Unix and Windows
  • Snort: A popular IDS, which can also be used as a sniffer
  • Ettercap: A sniffer designed to work on switched networks
  • Dsniff: A collection of tools which can sniff data on a switched network
