Subscribe by Email

Wednesday, January 6, 2010

Packet Sniffing

Packet sniffing is listening (with software) to the raw network device for packets that interest you. When your software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like "login" or "password."
Packet sniffing is a form of wire-tap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a "shared medium" network. This means that traffic on a segment passes by all hosts attached to that segment. Ethernet cards have a filter that prevents the host machine from seeing traffic addressed to other stations. Sniffing programs turn off the filter, and thus see everyone's traffic.
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the packet sniffer an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.
The versatility of packet sniffers means they can be used to:
* Analyze network problems.
* Detect network intrusion attempts.
* Gain information for effecting a network intrusion.
* Monitor network usage.
* Gather and report network statistics.
* Filter suspect content from network traffic.
* Spy on other network users and collect sensitive information such as passwords .
* Reverse engineer proprietary protocols used over the network.
* Debug client/server communications.
* Debug network protocol implementations.

No comments:

Facebook activity