
Introduction to Sniffers

Last Updated : 21 Mar, 2023

Introduction:

A sniffer, also known as a packet analyzer or network analyzer, is a tool used to capture and analyze network traffic. It is a software or hardware tool that intercepts and records data packets transmitted between computers or devices on a network.

Packet sniffers are commonly used for network troubleshooting, security analysis, and network optimization. They can be used to identify network problems such as congestion, packet loss, or improper configurations, and they can also be used to detect security threats such as network intrusions or unauthorized access attempts.

Packet sniffers work by capturing packets of data as they are transmitted on the network. These packets are then analyzed and displayed to the user in a human-readable format, allowing them to examine the contents of the packets and extract information from them.

Packet sniffers can be used on both wired and wireless networks, and they can capture data from a variety of network protocols, including TCP/IP, HTTP, FTP, and SMTP.

However, packet sniffers can also be used for malicious purposes, such as intercepting sensitive information like passwords, credit card numbers, or personal information. Therefore, the use of packet sniffers should be regulated, and they should be used only for legitimate purposes with appropriate consent and legal authority.

A sniffer is a program or tool that captures information over a network. There are 2 types of sniffers: commercial sniffers and underground sniffers.
 

  1. Commercial Sniffers – 
    Commercial sniffers are used to maintain and monitor information over the network. These sniffers are used to detect network problems. Network General Corporation (NGC) is a company that offers commercial sniffers. These can be used for: 
    1. Fault analysis to detect problems in a network. 
       
    2. Performance analysis to detect network bottlenecks. 
       
  2. Underground Sniffers – 
    Underground sniffers are malicious programs used by hackers to capture information over a network. When an underground sniffer is installed on a router, it can breach the security of any network whose traffic passes through that router. It can capture: 
    1. Confidential messages like email. 
       
    2. Financial data like debit card details. 
       

Components of a Sniffer: 
To capture information over the network, a sniffer uses the following components: 
 

  1. Hardware – 
    Sniffers use standard network adapters to capture network traffic. 
     
  2. Capture Driver – 
    The capture driver captures network traffic from the Ethernet wire, filters that traffic for the information that you want, and then stores the filtered information in a buffer. 
     
  3. Buffer – 
    When a sniffer captures data from a network, it stores the data in a buffer. There are 2 ways to store captured data – 
    1. Data is stored until the buffer is filled with information. 
       
    2. The round-robin method, in which data in the buffer is always replaced by new data that is captured. 
       
  4. Decoder – 
    The information that travels over the network is in binary format, which is not readable. You can use a decoder to interpret this information and display it in a readable format. A decoder helps you analyze how information is passed from one computer to another. 
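
The decoder and the two buffer storage methods described above, sketched in Python as an added example (not code from the original article or from any sniffer product). The frame is constructed inside the code using documentation-range addresses, and `build_sample_frame`, `decode_frame`, `CaptureBuffer` and `retained_ports` are names chosen for illustration.

```python
import struct
from collections import deque

def build_sample_frame(sport, dport=80):
    """Constructed Ethernet II + IPv4 + TCP SYN frame (checksums left at 0)."""
    eth = bytes.fromhex("020000000002" + "020000000001" + "0800")  # dst, src, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def decode_frame(frame):
    """Decoder: turn raw bytes into readable fields, rejecting truncated input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "ethertype": ethertype}
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return out  # not IPv4 (or too short): report link-layer fields only
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes; options make it > 20
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    out.update(src_ip=".".join(map(str, ip[12:16])),
               dst_ip=".".join(map(str, ip[16:20])), protocol=ip[9])
    if ip[9] == 6 and len(ip) >= ihl + 4:  # TCP: ports are the first 4 bytes
        out["src_port"], out["dst_port"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return out

class CaptureBuffer:
    """The two storage methods: stop when full, or round-robin overwrite."""
    def __init__(self, capacity, round_robin):
        self.capacity, self.round_robin = capacity, round_robin
        self.frames = deque(maxlen=capacity if round_robin else None)

    def store(self, frame):
        if not self.round_robin and len(self.frames) >= self.capacity:
            return False  # full: this frame and all later ones are not stored
        self.frames.append(frame)  # round-robin: deque evicts the oldest frame
        return True

def retained_ports(round_robin, capacity=3):
    """Feed five frames (source ports 1001-1005) and list which ones survive."""
    buf = CaptureBuffer(capacity, round_robin)
    for sport in range(1001, 1006):
        buf.store(build_sample_frame(sport))
    return [decode_frame(f)["src_port"] for f in buf.frames]

if __name__ == "__main__":
    print(decode_frame(build_sample_frame(1001)), retained_ports(False), retained_ports(True))
```

With the fill-until-full method the capture keeps the earliest frames and misses everything after the buffer fills, while round-robin keeps only the most recent ones, which matters when choosing a method for troubleshooting or incident response.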
     

Placement of Sniffer: 
The most common places where you can place sniffers are: 

  1. Computer 
  2. Cable wires 
  3. Routers 
  4. Network segments connected to the internet 
     

Some common sniffer programs are Ethereal, TCPDump, Snort.

