Sniffer – Understand how it works

19 November 2010 | In Tips | 12,8 thousand views | By


Sniffers are programs whose purpose is to capture network packets. A sniffer analyzes network traffic and reveals where the network is vulnerable. If your network is suffering from slowness, crashes or data corruption, this can be a sign of an intrusion!

Sniffers vary in functionality and design. Some analyze only one protocol, while others can analyze hundreds. As a general rule, modern sniffers examine at least the following protocols:

  • Standard Ethernet
  • TCP/IP
  • IPX
  • DECNet

Sniffers capture network packets by putting the network interface (an Ethernet card, for example) into passive mode. On local area networks, data travels from one machine to another over the cable in small units called frames. These frames are divided into sections that carry specific information. Sniffers pose a security risk because of the way frames are transported and delivered.

Each workstation on a network segment has its own hardware address, which uniquely identifies that machine among all others on the network. When you send a message over the local network, its packets are sent to every connected machine (broadcast). This means that every machine on your network can “hear” that traffic, but each responds only to data specifically addressed to it.

If a workstation's network interface operates in passive mode, it can capture every packet and frame on the network. A workstation configured that way (together with the software) is a sniffer.
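The difference between a normal interface and one in passive (promiscuous) mode comes down to a single decision per frame: is the destination hardware address mine or the broadcast address? The following is an added illustration, not code from the original article: it builds a few Ethernet II frames from constructed MAC addresses, parses the 14-byte header, and shows which frames a station passes up the stack in each mode. All addresses and payloads are made up for the demonstration.

```python
import struct

# Constructed sample addresses for the demonstration (not captured traffic).
MY_MAC = "00:11:22:33:44:55"
OTHER_MAC = "66:77:88:99:aa:bb"
THIRD_MAC = "cc:dd:ee:ff:00:11"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Assemble an Ethernet II frame: 6-byte destination, 6-byte source,
    2-byte EtherType (network byte order), then the payload."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split the 14-byte header into its sections; reject anything shorter."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "ethertype": ethertype,
        "payload": frame[14:],
    }


def interface_accepts(frame, own_mac, promiscuous):
    """Normal mode: only frames addressed to this station (its own MAC or the
    broadcast address; multicast filtering is omitted here for brevity) are
    delivered.  Promiscuous mode, the article's 'passive mode': every frame
    on the segment is delivered, which is exactly what a sniffer relies on."""
    if promiscuous:
        return True
    dst = parse_frame(frame)["dst"]
    return dst == own_mac.lower() or dst == BROADCAST_MAC


def demo():
    """Two constructed frames seen by MY_MAC: one unicast between two other
    hosts, one broadcast (EtherType 0x0806, ARP)."""
    between_others = build_frame(OTHER_MAC, THIRD_MAC, 0x0800, b"payload for another host")
    to_everyone = build_frame(BROADCAST_MAC, OTHER_MAC, 0x0806, b"who-has (constructed)")
    return {
        "normal_sees_unicast_to_other": interface_accepts(between_others, MY_MAC, False),
        "normal_sees_broadcast": interface_accepts(to_everyone, MY_MAC, False),
        "promisc_sees_unicast_to_other": interface_accepts(between_others, MY_MAC, True),
    }


if __name__ == "__main__":
    for name, seen in demo().items():
        print(f"{name}: {seen}")
```

In normal mode the station sees only the broadcast; once the interface is promiscuous, the unicast frame between two other hosts is delivered as well, and that is the whole basis of sniffing on a shared segment.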

Sniffers represent a high level of risk because:

  • Sniffers can capture email passwords, credit card numbers and other account data
  • Sniffers can capture logins, emails, private messages, etc.
  • Sniffers can be used to open security holes in neighboring networks or to acquire high-level access.

In fact, the presence of an unauthorized sniffer on your network can indicate that your system is already compromised. Sniffers will capture every packet on the network, but in practice this is relative. A sniffer attack is not as easy as it looks; it requires networking knowledge. Simply configuring a sniffer and leaving it “working” will not work for long, because even a network of only five stations transmits thousands of packets per hour. In a short time the sniffer's log file can easily fill a hard drive (if all packets are being captured).

To get around this problem, crackers usually store only the first 200 ~ 300 bytes of each packet. The user name and password, all they really want, are contained in this part.

Security technology has developed considerably in relation to this problem. Some operating systems already employ packet-level encryption, so even if a sniffer attack obtains valuable data, that data will be virtually unreadable. This is an additional obstacle that can be overcome only by those with deeper knowledge of security, encryption and networking.

Sniffers are extremely difficult to detect because they are passive programs. They do not store specific data in the operating system registry or on the hard drive (unless their user is very uninformed and captures every packet outright), and they consume few network resources. You can find a sniffer on a machine using MD5 checksums, as long as you have a decent database of the original installation files. You will need to download the md5check script, which automates the process.
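The checksum approach described above is file-integrity checking: record a digest of every original installation file, then later re-hash the tree and report what changed, disappeared or appeared. The script below is an added example and not the md5check script the article refers to; it uses Python's standard library only and builds a throwaway directory tree with constructed file contents to stand in for a real installation. MD5 is used to match the article; `algo="sha256"` gives a collision-resistant baseline.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="md5"):
    """Hash one file in 64 KiB chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="md5"):
    """Map every file under root (by path relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_digest(full, algo)
    return baseline


def compare_with_baseline(root, baseline, algo="md5"):
    """Re-hash the tree and classify every difference against the stored baseline."""
    current = build_baseline(root, algo)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: baseline a fake install tree, then alter it.
    The file names and contents are made up for the demonstration."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "bin", "ls"), b"original ls binary (constructed)")
        _write(os.path.join(root, "bin", "netstat"), b"original netstat binary (constructed)")
        baseline = build_baseline(root)
        # Simulated tampering: one system binary replaced, one unknown file appeared.
        _write(os.path.join(root, "bin", "netstat"), b"replaced netstat binary (constructed)")
        _write(os.path.join(root, "bin", "unknown"), b"file not in the baseline (constructed)")
        return compare_with_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline must be taken from a known-good installation and kept off the machine being checked (read-only media or another host), otherwise an intruder who replaces binaries can update the checksums too.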

Certainly, searching for a sniffer on a single machine is easy. Finding a sniffer on a large network, however, is difficult. There are tools on the internet that can help you.
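One quick per-machine check is whether any interface is currently in promiscuous mode, the state a sniffer needs. On Linux the kernel exposes each interface's flag word as a hexadecimal string in `/sys/class/net/<iface>/flags`, and the `IFF_PROMISC` bit is `0x100`. The snippet below is an added example, not a tool mentioned by the article; it decodes that flag word and scans sysfs when run on a real host, and includes constructed sample values so it can be exercised offline. Bear in mind that, as the article notes, this is only a local hint: a kernel-level compromise can hide the flag, and a laptop plugged into the segment will never show up in your own sysfs.

```python
import glob
import os

# Bit set in the interface flag word while promiscuous mode is on (Linux IFF_PROMISC).
IFF_PROMISC = 0x100


def is_promiscuous(flags_text):
    """Interpret the hex string read from /sys/class/net/<iface>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def scan_interfaces(sysfs_root="/sys/class/net"):
    """Return {interface: promiscuous?} for every interface exposed in sysfs.
    Run on the machine under inspection; an empty dict means sysfs is unavailable."""
    result = {}
    for flags_path in glob.glob(os.path.join(sysfs_root, "*", "flags")):
        iface = os.path.basename(os.path.dirname(flags_path))
        try:
            with open(flags_path) as fh:
                result[iface] = is_promiscuous(fh.read())
        except OSError:
            continue  # interface vanished mid-scan or is unreadable
    return result


# Constructed sample values in the format sysfs uses (not read from a real host).
SAMPLE_FLAGS = {
    "eth0": "0x1003",  # UP | BROADCAST | MULTICAST: normal operation
    "eth1": "0x1103",  # same flags plus IFF_PROMISC
    "lo": "0x9",       # UP | LOOPBACK
}


def suspicious_interfaces(flags_by_iface):
    """Names of interfaces whose flag word has the promiscuous bit set."""
    return sorted(name for name, flags in flags_by_iface.items() if is_promiscuous(flags))


if __name__ == "__main__":
    live = scan_interfaces()
    print("live interfaces in promiscuous mode:",
          [name for name, promisc in live.items() if promisc] if live else "sysfs not available")
    print("constructed sample, suspicious:", suspicious_interfaces(SAMPLE_FLAGS))
```

Legitimate software (bridging, virtualization, monitoring agents) also sets the bit, so treat a hit as something to explain rather than proof of a sniffer.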

Suppose someone walks into an empty office, disconnects a machine from the network and plugs in a laptop with the same IP address. That is also a sniffer. This is even harder to detect, unless you keep network maps and check them constantly.

If you suspect that someone has “bugged” your network, look for tools that will help you. One tool you can try is called a TDR (Time Domain Reflectometer). TDRs measure the propagation or fluctuation of electromagnetic waves. A TDR attached to your local network will reveal unauthorized bridges “sucking” the data.

Preventive solutions are difficult and practically unviable. Instead, adopt a defensive approach. There are two very important defenses against sniffers:

  • Segmented topology
  • Encrypted sessions

Sniffers can only capture data on their own network segment. This means that the more you segment your network, the less information a sniffer can collect. There are three network devices that a sniffer cannot get past:

  • Switches
  • Routers
  • Bridges

Encrypted sessions provide a different solution. Rather than worrying about data being captured, you simply encrypt it, that is, you remove its readability. SSH (Secure Shell) is an example of a program that provides encrypted communications, replacing the old Telnet. You can get a free version for Linux by clicking here.

Based in Ivaiporã-PR. Computer engineer and administrator of the Dicas em Geral group. Passionate about technology and computing.
