There are some tools that can capture network traffic, assemble data from those small network packets and display them in an easy to read and easy to understand format. These tools are called Packet Sniffers.
Uses of Packet Sniffer
A packet sniffer is a vital tool in administrators and developers toolkit. The major benefits of using a packet sniffer are:- - identify applications that generate unusual traffic
- - collect data for security analysis
- - highlight peaks and valleys in the demand of the network
- - debug application traffic
How Do Packet Sniffers Work?
Some application sniffers and network protocol analyzers work by putting the network card into so-called promiscuous mode. In normal mode, the network card will collect only packets addressed to its MAC Address. When the promiscuous mode is activated, the network card collects all packets on the same network segment. The main advantage of such packet sniffers is that they can "see" the network traffic not only from the computer, it's working on but from all computers in the same network segment. The main disadvantage of such packet sniffer is that it cannot decrypt the SSL traffic without retrieving the server certificate.Another method of intercepting the network traffic is installing a system driver on the computer where the protocol analyzer is working on. This limits the network packet analyzer to only to the host's computer but gives an ability to decode the SSL traffic by using techniques called Man-in-the-middle.
HTTP Debugger is an example of a packet sniffer for Windows that uses a software driver to intercept the network traffic and that can capture & decode the HTTPS traffic.
Uses of Network Packet Sniffer
Network Monitoring - packet sniffers are excellent for monitoring the use of the network at any time, helping network administrators to identify whether a certain network is overcrowded or not, identify bottlenecks and improve performance.Problem Identification - the packet sniffer can analyze the conversation between network nodes and, in the case of an error, discover invalid packets and identify the network node that failed to respond.
Debug Application Traffic - software developers may use a http sniffer tool to see all network traffic (both HTTP and HTTPS) between their application and the Internet and troubleshoot weird situations.
Illegal Use of Packet Sniffer
Packet sniffers may be used for legal and illegal activities. Hackers may use a packet sniffer software to gain unauthorized access to the confidential information and data in a network. A packet sniffer may be used in order to steal the information, which passes through the network, such as passwords and authentication tokens. In addition, hackers can capture packets for later reproduction in playback, packet injection and man in the middle attacks to which several systems can be vulnerable.Please keep in mind that such use of packet sniffers are illegal and stickily prohibited!
How-to Protect Network From Packet Sniffers?
To protect your network from being sniffed use encryptions such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL). Encryption does not prevent the packet sniffer from considering the source and destination data but encrypts the payload of the data packet so that everything the scanner sees will be encrypted. Any attempt to change or add data in the packet sniffers would fail.
