 |
 What are sniffers?
Term “sniffer” can probably sound familiar to you, especially if security is one of your interests. But possibly you’re not pretty sure what a sniffer is and what it is used for.
The definition says that a sniffer is a program and/or device that monitors data transmitted over a network. On TCP/IP networks, where they sniff packets, they're commonly called packet sniffers.
Sniffers can be used both for legitimate network management functions and for stealing valuable personal information off a network.
Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. So hackers can intercept data packets which carry your passwords for mail server, ftp server and web sites.
The Internet works by sending data packets from one host to another. Each packet contains a block of data and a header block, and the header block will contain the information about the packet like its destination and origin addresses. The data part of the packet contains the information being sent on the network—it could be e-mail, Web pages, login information including passwords, e-commerce information including credit card numbers, and just about anything else floating around out there.
To prevent your data from being sniffed users can install anti-sniffer software (a firewall will not do anything to prevent packet sniffing). Anti-sniffers are scanning networks to determine if there are any sniffers trying to collect your data. These detection tools should run on a regular basis, since they act as an alarm of sorts, triggered by evidence of a sniffer.
However most home users do not need anti-sniffers. The simplest and efficient way to defend yourself against sniffing is to encrypt your data. The point is it’s almost impossible to prevent your data from being captured but it is possible to prevent it from being read.
This isn’t difficult to do, since many businesses and organizations have installed services that make use of Secure Socket Layers (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN) and other methods that provide secure messaging, web browsing and more. So an interceptor can see where traffic was going to and where it came from, but not what it carries.
The same thing goes to emails. Electronic message can be sniffed in many different ways. On its way to the addressee it passes through corporate firewalls, which may capture and analyze the traffic. It often gets logged and saved for extended periods of time. It may unintentionally end up in somebody else's mailbox.
The best way to keep such e-mail secret is to encrypt it. The two common ways of doing this are with PGP (Pretty Good Privacy) and S/MIME (Secure MIME that is build-in in the most popular mail clients).
Sniffers are also used legitimately by admins, security professionals, programmers and even ordinary users. They are exceptional tools for troubleshooting any type of network problem, since they can see the list of network connections and vital IP statistics and examine individual packets. Most of such sniffers can log captured data and save it for future analysis.
Sniffers can also be used to examine what is passing through your firewall, especially if your firewall does not provide logging of every single data packet. It is also possible to determine any leak that your system has.
In conclusion its important to note, sniffers can be very useful for both professionals and rookie users for inspecting their traffic. Remember that your data can be sniffed and use encrypting software to hide your secrets.
Here are the links to the most popular sniffers:
|
|
