Packet Sniffing

Sniffing

In short, packet sniffing is the method used to see all kinds of information as it passes over the network it is linked to. But how does a packet sniffer work? A packet sniffer is a piece of software or hardware capable of monitoring all network traffic. It is able to capture all incoming and outgoing traffic, for example clear-text passwords, user names and other private or sensitive details. Packet sniffing is a form of wire-tap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a “shared medium” network.

This means that traffic on a segment passes by all hosts attached to that segment. Ethernet hardware contained a filter that prevented the host machine from actually seeing any traffic other than that belonging to the host. Sniffing programs turn off the filter, and thus see everyone’s traffic. In the scheme of things, a computer usually only examines a packet of data that corresponds to the computer’s address, but with a packet sniffer you are able to set the network interface to ‘promiscuous mode’. In this case it examines ALL available information passing through it.

As the data passes through the system it is copied and stored in memory or on a hard drive. The copies can then be studied and the information analyzed. The captured information is decoded from raw digital form into a human-readable format that permits users of the protocol analyzer to easily review the exchanged information.

As soon as you connect to the internet, you ‘sign on’ to a network that is under the watch of your ISP. This network can communicate with other networks and in short forms the basis of the internet.

If a packet sniffer is located at a server owned by your ISP, it has the potential to gain access to:

  • The web sites visited
  • What is searched for on the site
  • Your e-mail recipients
  • The contents of your mail
  • Any files you download
  • A list of your audio, video and telephony options
  • A list of visitors to your website

Switched vs. Non-Switched

In a non-switched network environment packet sniffing is an easy thing to do. This is because network traffic is sent to a hub which broadcasts it to everyone. Switched networks are completely different in the way they operate.

Switches work by sending traffic to the destination host only. This happens because switches have CAM tables. These tables store information like MAC addresses, switch ports, and VLAN information [1]. Before sending traffic from one host to another on the same local area network, the host ARP cache is first checked. The ARP cache is a table that stores both Layer 2 (MAC) addresses and Layer 3 (IP) addresses of hosts on the local network. If the destination host isn’t in the ARP cache, the source host sends a broadcast ARP request looking for the host. When the host replies, the traffic can be sent to it.
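The ARP cache described above is built from whatever ARP packets a host receives, so a monitoring host can keep its own IP-to-MAC table and flag any address whose binding changes. The following is an added example, not part of the original text; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct


def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP body into (opcode, sender_mac, sender_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])


def watch_bindings(arp_payloads):
    """Build an IP->MAC table; return it with (ip, old_mac, new_mac) alerts."""
    table, alerts = {}, []
    for payload in arp_payloads:
        _oper, mac, ip = parse_arp(payload)  # requests and replies both carry a sender
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append((ip, known, mac))
        table[ip] = mac
    return table, alerts


def build_arp(oper, smac, sip, tmac, tip):
    """Construct an ARP body for the sample data below (1 = request, 2 = reply)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + bytes.fromhex(smac.replace(":", "")) + socket.inet_aton(sip)
            + bytes.fromhex(tmac.replace(":", "")) + socket.inet_aton(tip))


# Constructed sample: 192.0.2.1 is first announced by ...:01, later by ...:66.
SAMPLE = [
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:20", "192.0.2.20", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    _table, alerts = watch_bindings(SAMPLE)
    for ip, old, new in alerts:
        print(f"{ip} moved from {old} to {new}")
```

A changed binding also occurs for benign reasons such as a replaced network card, a DHCP lease handed to a different machine, or a failover pair, so an alert is a prompt to investigate, not a verdict.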

The traffic goes from the source host to the switch, and then directly to the destination host. This description shows that traffic isn’t broadcast out to every host, but only to the destination host; therefore it’s harder to sniff traffic.

Passive vs. Active Sniffing

Sniffers are a powerful piece of software. They have the capability to place the hosting system’s network card into promiscuous mode. A network card in promiscuous mode can receive all the data it can see, not just packets addressed to it.

Passive Sniffing

If you are on a hub, a lot of traffic can potentially be affected. Hubs see all the traffic in that particular collision domain. Sniffing performed on a hub is known as passive sniffing. Because the user is on a hub, all traffic is sent to all ports. All the attacker must do is start the sniffer and wait for someone on the same collision domain to start sending or receiving data. A collision domain is a logical area of the network in which one or more data packets can collide with each other. Passive sniffing worked well during the days that hubs were used.

The problem is that there are few of these devices left. Most modern networks use switches. That is where active sniffing comes in.

Active Sniffing

When sniffing is performed on a switched network, it is known as active sniffing. Active sniffing relies on injecting packets into the network that cause traffic. Active sniffing is required to bypass the segmentation that switches provide. Switches maintain their own ARP cache in a special type of memory known as Content Addressable Memory (CAM), keeping track of which host is connected to which port.

Sniffers operate at the Data Link layer of the OSI model. This means that they do not have to play by the same rules as applications and services that reside further up the stack. Sniffers can grab whatever they see on the wire and record it for later review. They allow the user to see all the data contained in the packet, even information that should remain hidden. The terms active and passive sniffing have also been used to describe wireless network sniffing. They have analogous meanings. Passive wireless sniffing involves sending no packets, and monitoring the packets sent by others. Active sniffing involves sending out multiple network probes to identify APs.

How Does a Packet Sniffer Work?

A packet sniffer works by viewing every packet sent in the network. This includes packets not intended for itself. How does it do this? Three types of sniffing methods are used. Methods may work in non-switched networks or in switched networks. These methods are:

IP-based sniffing

IP-based sniffing works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter, and is the original type of packet sniffing. The IP address filtering isn’t switched on, so the sniffing program is able to capture all the packets. This method will only function in non-switched networks.

MAC-based sniffing

MAC-based sniffing works by putting the network card into promiscuous mode and sniffing all packets that match the MAC address filter.

ARP-based sniffing

ARP-based sniffing doesn’t put the network card into promiscuous mode because ARP packets are sent to its administrators. This is because the ARP protocol is stateless. This means that sniffing can be done on a switched network.

Once a hacker has found possible networks to attack, one of their first tasks is to identify the target. Many organizations are nice enough to include their names or addresses in the network name. The sniffer program works by asking a computer, specifically its Network Interface Card (NIC), to stop ignoring all the traffic headed to other computers and pay attention to it. It does this by placing the NIC in a state known as promiscuous mode.

Once a NIC is in promiscuous mode, a machine can see all the data transmitted on its segment. The program then begins to constantly read all information entering the PC through the network card. Data traveling along the network comes as frames, or packets: bursts of bits formatted to specific protocols. Because of this strict formatting, the sniffer peels away the layers of encapsulation and decodes the relevant information stored in the packet sent, including the identity of the source computer, that of the targeted computer, and every piece of information exchanged between the two computers.

Even if the network administrator has configured his equipment in such a way as to hide information, there are tools available that can determine this information. Using any well-known network sniffing tool, an attacker can easily monitor unencrypted networks.

Modes

On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others don’t. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored. To see those packets, the adapter must be in monitor mode.

Who Uses a Packet Sniffer?

Packet sniffers are often used by ISPs as a diagnostic tool for their back-up systems, so it is in fact a well-utilized form of technology. Packet sniffing is also sometimes used to investigate the habits and actions of criminals, for example in the FBI’s Carnivore System.

As I am sure you will appreciate from the above, packet sniffers can be a useful, relatively harmless tool or a potentially dangerous invasion of privacy. Packet sniffers are a perfect example of how technology may be used to help or to harm.

The versatility of packet sniffers means they can be used to:

  • Analyze network problems
  • Detect network intrusion attempts
  • Detect network misuse by internal and external users
  • Document regulatory compliance through logging all perimeter and endpoint traffic
  • Gain information for effecting a network intrusion
  • Isolate exploited systems
  • Monitor WAN bandwidth utilization
  • Monitor network usage (including internal and external users and systems)
  • Monitor data-in-motion
  • Monitor WAN and endpoint security status
  • Gather and report network statistics
  • Filter suspect content from network traffic
  • Serve as primary data source for day-to-day network monitoring and management
  • Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
  • Reverse engineer proprietary protocols used over the network
  • Debug client/server communications
  • Debug network protocol implementations
  • Verify adds, moves and changes
  • Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter, proxy)

Having looked at what they are, why they work and how they are used, it is easy to view sniffers as both dangerous threats and powerful tools. Every user should understand they are vulnerable to these types of attacks and their best defense lies in encryption. Administrators and professionals need to know that these programs are superb diagnostic utilities that can, unfortunately, be used with malicious intent on any network.
