Sniffers are a type of networking tool that is able to inspect packets of data traveling through a network. Sniffers may either be special software created to capture data packets or a physical hardware device that is connected directly to a network. #In the case of software sniffers, the sniffer must be installed on a computer that has access to the target network. #Data packets captured by sniffers are usually legitimate communications from end users, however, there are times when a malicious actor may be lurking on the network.
#Types of Sniffing
#Active Sniffing Active sniffing, in short, involves flooding a target network with address resolution packets, or simply ARP. Since modern networks implement network switches and switches connect one device to another, a sniffer is able to view the traffic that passes through the switch. Additionally, active sniffing can also allow a hacker to alter the packets of data that are captured. Due to its aggressive nature, active sniffing is detectable by network administrators through the use of common networking technologies such as intrusion detection systems. As a result, active sniffing is not a commonly used method by hackers.
#Passive Sniffing Passive sniffing, however, can only be done on networks that implement hubs instead of switches. Since network hubs work by transferring network data to all connected devices, a sniffer is able to easily see all network traffic. Unlike active sniffing, passive sniffing is less direct and allows a hacker to remain relatively hidden on the network. As networking technology has progressed, the use of hubs in modern networks has greatly decreased.
#Popular Sniffing Tools #Wireshark Wireshark is a popular network sniffer used today. Given that it is free and easy to use allows almost anyone to begin sniffing for data packets. Additionally, Wireshark is available to download on Unix, Linux, and Windows operating systems. Some Linux distros even have Wireshark pre-installed.