If a computer equipped with a packet sniffer sits between the controlling and receiving systems, it can read all packets that pass between them. Other systems will not notice anything, because the packet sniffer only listens. The packet sniffer often saves the incoming packets to a file so that they can be viewed and analyzed. Packet sniffers often offer extensive possibilities here.

How does packet sniffing work?

Encryption is a hot topic in today’s market. Encryption is used to prevent packet-sniffing attacks. As said earlier, packet sniffing enables the attacker to look at transmitted content and may disclose passwords and secret data.

To use sniffing software, a hacker must have a network card that supports promiscuous mode and specific packet driver software, must be connected to the network segment they want to sniff, and must run sniffer software. By default, a network interface card (NIC) in a machine drops any traffic not destined for it. Once the NIC is placed in promiscuous mode, it sees every packet passing by it on the network wire.

For a sniffer to capture traffic, it must be physically able to see it. On switched networks, where each network drop is its own collision domain, packet sniffing by attackers can be more complex, but not impossible. Packet-sniffing attacks are more popular in areas where several hosts share the same collision domain (such as a local LAN shared over an Ethernet hub) or over the Internet, where the attacker might place a sniffer between the source and destination of the traffic. For example, on a LAN, a user with limited privileges may sniff traffic originating from an administrative account, hoping to get the password.

There are many open source sniffing tools, including tcpdump (or WinDump, the Windows version) and the easier-to-use Ethereal (www.ethereal.com).