Sniffing is the electronic form of eavesdropping on the communications that computers transmit across networks. In early networks, the equipment that connected machines allowed every machine on the network to see the traffic of all others. These devices, repeaters and hubs, were very successful in connecting machines, but allowed an attacker easy access to all traffic on the because the attacker only needed to connect to one point to see the entire network’s traffic.
Sniffing is one of the most effective techniques in attacking a wireless network, whether it is mapping the network to gain information, to grab password, or to capture unencrypted data.
Sniffing is a powerful tool in the hands of a hacker. Sniffers usually act as network probes or snoops, examining network traffic but not intercepting or altering it.
How a Sniffer works?
Once a hacker has found possible networks to attack, one of their first tasks is to identify the target. Many organizations are nice enough to include their names or addresses in the network name.
The Sniffer program works by asking a computer, specifically its Network Interface Card (NIC), to stop ignoring all the traffic headed to other computers and pay attention to them. It does this by placing the NIC in a state known as promiscuous mode.
Once a NIC is promiscuous mode, a machine can see all the data transmitted on its segment. The program then begins to constantly read all information entering the PC through the network card.
Data traveling along the network comes as frames, or packets, bursts of bits formatted to specific protocols. Because of this strict formatting, the sniffer peels away the layers of encapsulation and decodes the relevant information stored in the packet sent, including the identity of the source computer, that of the targeted computer, and every piece of information exchanged between the two computer.
Even if the network administrator has configured his equipment in such a way as to hide information, there are tools available that can determine this information. Utilizing any well known network sniffing tools, an attacker can easily monitor the unencrypted networks.
Protocols Vulnerable to Sniffing:
Telnet and Re-login: With sniffing, keystrokes of a user can be captured as they are typed, including the user’s username and password. Some tools can capture all text and dump it into a terminal emulator, which can reconstruct exactly what the end user is seeing. This can produce a real time viewer on the remote user’s screen.