Sniffing is the process of monitoring and capturing all data packets that are passing through a computer network using packet sniffers. Packet Sniffers are used by network administrators to keep track of data traffic passing through their network. These are called network protocol analyzers. In the same way, malicious attackers employ the use of these packet sniffing tools to capture data packets in a network.
Data packets captured from a network are used to extract and steal sensitive information such as passwords, usernames, credit card information, etc. Attackers install these sniffers in the system in the form of software or hardware. There are different types of sniffing tools used and they include Wireshark, Ettercap, BetterCAP, Tcpdump, WinDump, etc.
The Difference Between Sniffing and Spoofing
In sniffing, the attacker listens into a networks’ data traffic and captures data packets using packet sniffers. In spoofing, the attacker steals the credentials of a user and uses them in a system as a legitimate user. Spoofing attacks are also referred to as man-in-the–middle attacks since the attacker gets in the middle of a user and a system.
Types of Sniffing
There are two types of sniffing attacks, active sniffing and passive sniffing.
- Active sniffing – this is sniffing that is conducted on a switched network. A switch is a device that connects two network devices together. Switches use the media access control (MAC) address to forward information to their intended destination ports. Attackers take advantage of this by injecting traffic into the LAN to enable sniffing.
- Passive sniffing – passive sniffing uses hubs instead of switches. Hubs perform the same way as switches only that they do use MAC address to read the destination ports of data. All an attacker needs to do is to simply connect to LAN and they are able to sniff data traffic in that network.
Sniffing is detrimental to the user or a network system since a hacker can sniff the following information: email traffic, FTP passwords, web traffics, telnet passwords, router configuration, chat sessions, DNS traffic, etc.
How to Prevent Sniffing Attacks
Untrusted networks: users should avoid connecting to unsecured networks, which includes free public Wi-Fi. These unsecured networks are dangerous since an attacker can deploy a packet sniffer that can sniff the entire network. Another way an attacker can sniff network traffic is by creating their own fake–free public Wi-Fi.
Encryption: Encryption is the process of converting plaintext into gibberish in order to protect the message from attackers. Before leaving the network, the information should be encrypted to protect it from hackers who sniff into networks. This is achieved through the use of a virtual private network (VPN).
Network scanning and monitoring: Network administrators should scan and monitor their networks to detect any suspicious traffic. This can be achieved by bandwidth monitoring or device auditing.
In information security, ethical hackers also use sniffing techniques to acquire information that could help them penetrate a system. If used by professionals like ethical hackers, packet sniffers could help in identifying a system’s vulnerabilities.
Becoming a Certified Ethical Hacker (CEH) would put you on the front lines of being able to detect and mitigate these sniffing attacks, thereby keeping the network safe. You would learn all the techniques and tools hackers use to compromise systems, then use those same tools and techniques against the bad guys to help protect your clients.