Thursday, 13 February 2014

Types of attacks - Sniffer Attack


What Sniffer Attack?
How Does a Sniffer Work? 
sniffer attack example

A sniffer is an application that can capture network packets. Sniffers are also known as network protocol analizers. While protocol analyzers are really network troubleshooting tools, they are also used by hackers for hacking network. If the network packets are not encrypted, the data within the network packet can be read using a sniffer

How Does a Sniffer Work? 

Before we can explore how a sniffer operates, it may be helpful to examine what enables the tool to work. During normal tasks such as Web surfing and messaging, computers are constantly communicating with other machines. (For an introduction to the way that the Internet and networking works, please see the SecurityFocus article A Beginner’s Guide to the Internet.) Obviously, a user should be able to see all the traffic traveling to or from their machine.

 Most PCs, however, are on a Local Area Network (LAN), meaning they share a connection with several other computers. If the network is not switched (a switch is a device that filters and forwards packets between segments of the LAN), the traffic destined for any machine on a segment is broadcast to every machine on that segment. This means that a computer actually sees the data traveling to and from each of its neighbors, but ignores it, unless otherwise instructed.


Packet sniffing is the interception of data packets traversing a network. A sniffer program works at the Ethernet layer in combination with network interface cards (NIC) to capture all traffic traveling to and from internet host site.

Further, if any of the Ethernet NIC cards are in promiscuous mode, the sniffer program will pick up all communication packets floating by anywhere near the internet host site.

A sniffer placed on any backbone device, inter-network link or network aggregation point will therefore be able to monitor a whole lot of traffic. Most of packet sniffers are passive and they listen all data link layer frames passing by the device's network interface. There are dozens of freely available packet sniffer programs on the internet. The more sophisticated ones allow more active intrusion.
The key to detecting packet sniffing is to detect network interfaces that are running in promiscuous mode. Sniffing can be detected two ways:
  1. Host-based : Software commands exist that can be run on individual host machines to tell if the NIC is running in promiscuous mode.
  2. Network-based : Solutions tend to check for the presence of running processes and log files, which sniffer programs consume a lot of. However, sophisticated intruders almost always hide their tracks by disguising the process and cleaning up the log files.
The best countermeasure against sniffing is end-to-end or user-to-user encryption.


What Sniffer Attack?
How Does a Sniffer Work? 
sniffer attack example

No comments:

Post a Comment