Packet Sniffing
Packet sniffing is the act of intercepting and recording traffic that passes over a specific section or location on a network. As the data passes across the network, a packet sniffer application saves each packet for later use. Network administrators and law enforcement use packet sniffing for legitimate reasons, but it is also used by rogue actors who steal private and corporate information from the captured traffic.
How does Packet Sniffing Work?
In normal network operations, a computer or networked device only looks at network packets that are addressed to it. The remaining network traffic is ignored. A packet sniffer is set up in promiscuous mode on a network in order to record all network traffic that it sees. Depending on the packet sniffer’s location on the local network, the amount of traffic that it sniffs or sees varies significantly. Packet sniffing applications can be set up to record all traffic in an “unfiltered” mode, or in a “filtered” mode to record only the subset of network traffic that meets specific criteria. The data can then be stored in memory, on a hard drive, or even transmitted to a remote receiver, depending on the specific packet sniffing program being used.
What are the uses for Packet Sniffing?
There are several uses for packet sniffing. Many ISPs use packet sniffers as network diagnostic tools. They maintain copies of data, email, and websites that users visit on their respective networks. Packet sniffing is also used to troubleshoot network issues and to conduct traffic analysis to help ensure that the quality of service metrics on a network are met. Packet sniffing can also be used to capture personal information such as account passwords, banking information, and email content that can then be used for identity theft, privacy invasion, and other malicious purposes.
How can One Defend Against Packet Sniffing?
The best way to defend against packet sniffing is to encrypt email. When strong enough encryption is used, packet sniffers can only determine an email’s destination address. The data can still be “sniffed” or captured, but the encryption would have to be broken for the email to be read. Similarly, when passing sensitive information over the Internet, use a website that supports a secure connection through the “HTTPS” protocol in order to prevent a packet sniffer from capturing the information. A popular email encryption program that consumers use to defend against packet sniffing is the PGP (Pretty Good Privacy) standard. It has an email plug-in that is compatible with many of the major email clients.
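The audit below is an added example, not code from the original page: it applies a "filtered" pass to captured frames, as described under How does Packet Sniffing Work?, and reports which destination ports carry payload that is not wrapped in TLS, which is the traffic the defence above is meant to eliminate. The function names, the sample frames and the TLS record-header heuristic are assumptions made for illustration.

```python
import struct

TLS_TYPES = {20, 21, 22, 23}  # TLS record content types

def tcp_payload(frame):
    """Return (dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # EtherType must be IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:         # IPv4 carrying TCP only
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]         # trim to IP total length
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4                         # TCP header length
    if data_off < 20 or data_off > len(tcp):
        return None
    return struct.unpack("!H", tcp[2:4])[0], tcp[data_off:]

def looks_like_tls(payload):
    # Heuristic (assumption): record type, major version 3, minor version <= 4.
    return len(payload) >= 3 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4

def audit(frames):
    """Return sorted destination ports whose payload a sniffer could read as-is."""
    exposed = set()
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed and parsed[1] and not looks_like_tls(parsed[1]):
            exposed.add(parsed[0])
    return sorted(exposed)

def build_frame(dst_port, payload):
    """Build a constructed sample frame (test data, not captured traffic)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + tcp

# Constructed samples: cleartext HTTP, a TLS application-data record, cleartext SMTP.
SAMPLE = [
    build_frame(80, b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n\r\n"),
    build_frame(443, b"\x17\x03\x03\x00\x20" + bytes(32)),
    build_frame(25, b"MAIL FROM:<alice@example.com>\r\n"),
]

if __name__ == "__main__":
    print("ports carrying readable payload:", audit(SAMPLE))
```

A port listed by `audit` is a candidate for moving to an encrypted transport; the heuristic inspects only the first bytes of each segment, so a result should be confirmed against the service's actual configuration.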