
Technical Seminar on Packet Sniffing

BY
SAILATHA.S

A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic. Capturing the information going over the network is called sniffing. A packet sniffer is a "sniffing" program that lets someone listen in on computer conversations.

The original sniffers read the message headers of data packets on the network, giving administrators details about the addresses of senders and receivers, file sizes and other low-level information about those packets, in addition to verifying transmission. Using graphs and text-based descriptions, sniffers helped network managers evaluate and diagnose performance problems with servers, the network wire, hubs and applications.

A sniffer being used on a network to snoop passwords and anything else is considered to be a passive attack. A passive attack is one that doesn't directly intrude onto a foreign network or computer. On the other hand, an active attack directly interfaces with a remote machine.

Types of Sniffers
Today, sniffers exist in two broad varieties: The first is a stand-alone product incorporated into a portable computer that consultants can carry to customer sites and plug into the network to gather diagnostic data. The second is part of a larger package of network-monitoring hardware and software for helping organizations keep tabs on their LANs, WANs and Web services.

Functions of sniffers

They provide administrators a centralized view of networks to monitor high-level activity, such as which applications are running, which users are logged on to the network and who is the source of unusually large files or high volumes of traffic.

Conversion of data to human-readable formats so that people can read the traffic.

Used along with Network intrusion detection in order to discover hackers/crackers.

1. Hardware: standard network adapters.
2. Capture Filter: This is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
3. Buffers: used to store the frames captured by the Capture Filter.
4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to sift the traffic for intrusion detection.
5. Decoder: "Protocol Analysis". This displays the contents of network traffic with descriptive text so that an analyst can figure out what is going on. In the Packet Decoding view, packets are decoded and displayed in a format that is comprehensible.

A packet sniffer can usually be set up in one of two modes:

Unfiltered - captures all of the packets
Filtered - captures only those packets containing specific data elements

Packets that contain targeted data are copied onto the hard disk as they pass through. These copies can then be analyzed carefully for specific information or patterns.
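The capture filter, buffer and decoder stages and the two capture modes described above, as an added example that is not part of the original seminar. It runs over frames constructed in the code rather than a live interface, decodes only IPv4/TCP, and the function names and the list of clear-text service ports are assumptions made for illustration.

```python
import socket
import struct

CLEARTEXT_PORTS = {21, 23, 80, 110}  # assumption: FTP, Telnet, HTTP, POP3

def build_frame(src_ip, dst_ip, sport, dport):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at 0)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
    return eth + ip + tcp

# Constructed sample traffic: Telnet, HTTPS, and one non-IP (ARP ethertype) frame.
ARP_FRAME = bytes(12) + struct.pack("!H", 0x0806) + bytes(28)
SAMPLE = [build_frame("192.0.2.10", "192.0.2.20", 40000, 23),
          build_frame("192.0.2.10", "192.0.2.30", 40001, 443),
          ARP_FRAME]

def decode(frame):
    """Decoder: turn raw bytes into readable fields; None if not IPv4/TCP."""
    if len(frame) < 34:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if ethertype != 0x0800 or frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None
    tcp = 14 + ihl
    if len(frame) < tcp + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport}

def capture(frames, ports=None):
    """Capture filter + buffer. ports=None is unfiltered; a port set is filtered."""
    buffer = []
    for frame in frames:
        pkt = decode(frame)  # frames the decoder cannot read are skipped
        if pkt and (ports is None or {pkt["sport"], pkt["dport"]} & ports):
            buffer.append(pkt)
    return buffer

if __name__ == "__main__":
    for pkt in capture(SAMPLE, CLEARTEXT_PORTS):
        print("cleartext service in use:", pkt)
```

Run in filtered mode with the clear-text port set, the buffer lists the hosts still using unencrypted services, which are the ones to move to encrypted protocols.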

Ping method
ARP method
DNS method

Packet Sniffer Mitigation

The following techniques and tools can be used to mitigate sniffers:

Authentication: Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure: Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools: Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
Cryptography: The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.

Wireshark
Kismet
Tcpdump
Cain and Abel
Ettercap
Dsniff
NetStumbler
Ntop
Ngrep
EtherApe
KisMAC

Detection of clear-text passwords and usernames from the network. Conversion of data to human readable format so that people can read the traffic. Performance analysis to discover network bottlenecks. Network intrusion detection in order to discover hackers.

Thus sniffers capture packet traffic across a network, usually an Ethernet. These can be placed surreptitiously on your drives. Prevention of compromise is a two-fold process: encryption and compartmentalization.

Encrypted communications can be used to prevent the capture of passwords if a sniffer attack is underway.
