What is a Network Sniffer?
Sniffer can be either hardware or software, it is used to receive information transmitted over the network. The network can be running under various protocols. Including Ethernet, TCP / IP, ZPX, etc. (can also be a combination of several of these protocols). Sniffer is placed in such a way that the network interface (in this case, the Ethernet adapter) is in promiscuous mode so that it can intercept the content on the network.
The sniffer is different from a normal keyboard capture program (Key Capture). The keyboard capture program captures the key values entered on the terminal, while the sniffer captures real network messages. The sniffer accomplishes this by placing it on a network interface – setting the Ethernet card into a miscellaneous mode.
Ethernet was invented by Xerox’s Palo Aito Research Center (sometimes called PARC). The following brief information on the network (here for the Ethernet) on the form of transmission.
Data on the network is a small frame called (Ftame) transmission unit of the frame consists of several parts, different parts of the implementation of different functions. (For example, the first 12 bytes of Ethernet store the source and destination addresses, which tell the network: the source and destination of the data. The rest of the Ethernet frame stores the actual user data, TCP / IP header Or IPX packet header, etc.).
Frames are formed by specific software called network drivers and then sent over a network card to a network cable. Through the network cable to reach their destination machine, at the end of the target machine to perform the opposite process. The Ethernet card on the receiving end of the machine captures these frames and tells the operating system that the frames are arriving and then storing them. In this transmission and reception process, the sniffer will cause security problems.
Each station on the LAN has its own hardware address. These addresses uniquely represent the machines on the network (this is similar to the Internet address system). When a user sends a message, the message is sent to all available machines on the LAN.
In general, all the machines on the network can “listen” to the traffic they pass through but do not respond to messages that do not belong to them (in other words, workstation A does not capture data belonging to workstation B, but Simply ignore the data). If a network interface in the workstation is in the miscellaneous mode, it can capture all the messages and frames on the network.
Sniffer is such a hardware or software that can “listen” to (rather than ignore) all the information transmitted over the Internet. In this sense, every machine, every router is a Sniffer (or at least that they can become a Sniffer). This information is stored on the media for later inspection.
Sniffer can be (and usually is) a combination of software and hardware, the software can be a common network analyzer with a relatively strong debug function, or is a real Sniffer. Sniffer must be located in the network ready for Sniffer work, it can be placed anywhere in the network segment.
Sniffer becomes a great danger because:
- Attacker can capture passwords;
- Attacker can intercept confidential or proprietary information;
- Attacker can be used to attack adjacent networks or to obtain higher levels of access.
You can view the series Sniffer Tutorial below: