Sunday, August 19, 2007

Sniffing through the Network Traffic!

A packet sniffer is a program that monitors the network traffic passing through your computer. A packet sniffer running on a PC that is connected to the Internet through a modem can tell you your current IP address as well as the IP addresses of the Web servers of the sites you visit.

Sniffers are basically data interception programs. They work because Ethernet was built around a principle of sharing. Most networks use what is known as broadcast technology, which means that every message transmitted by one computer on a network can be read by any other computer on that network. Normally a computer ignores messages that are not addressed to it; by means of a sniffer, however, it can be made to accept messages even if they are not meant for it.

A sniffer is usually passive: it only collects data. Hence it is extremely difficult to detect. Once installed on a computer, though, it will generate some small amount of traffic of its own, and is therefore detectable.

Sniffing tools

  • tcpdump : tcpdump is a powerful tool that allows us to sniff network packets and do some statistical analysis of those dumps. One major drawback of tcpdump is the size of the flat file containing the text output. But tcpdump allows us to view all the traffic precisely and enables us to create statistical monitoring scripts.
  • sniffit : This is a robust packet sniffer with good filtering.
  • Ethereal : A free network protocol analyser for UNIX and Windows. It allows you to examine data from a live network or from a capture file on disk.
  • Hunt : The main goal of the HUNT project is to develop tools for exploiting well-known weaknesses in the TCP/IP protocol suite.
  • Dsniff : Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy passively monitor a network for interesting data (passwords, email, files etc.). arpspoof, dnsspoof and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to Layer-2 switching).
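To show what a capture file of the kind Ethereal or tcpdump reads from disk actually contains, here is an added Python example that is not part of the original post or of any of the tools listed above. It builds a small, constructed pcap capture (IP addresses from the RFC 5737 documentation ranges, invented MAC addresses and timestamps) and then parses it back with nothing but the standard library, extracting the source and destination IP and the protocol of every IPv4 packet and counting packets per conversation, which is the kind of statistic a tcpdump post-processing script produces. All function names, the sample frames and their values are assumptions made for this example; the parser handles only classic pcap files with Ethernet link type, not pcapng.

```python
import socket
import struct

# Constants from the classic libpcap file format.
PCAP_MAGIC = 0xA1B2C3D4          # little-endian file, as libpcap writes it on x86
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic seen from a big-endian writer
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806

# Constructed MAC addresses (assumption, not from the original post).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")


def build_ethernet_ipv4(src_ip, dst_ip, proto, payload):
    """Construct a minimal Ethernet + IPv4 frame as sample input for the parser.
    The IP checksum is left at zero: this is test data, not something to send."""
    eth = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                 # version 4, IHL 5 (20-byte header)
        0,                    # type of service
        20 + len(payload),    # total length
        0, 0,                 # identification, flags/fragment offset
        64,                   # TTL
        proto,                # 6 = TCP, 17 = UDP
        0,                    # header checksum (unset)
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    return eth + ip + payload


def build_pcap(frames, first_ts=1187500000):
    """Wrap raw frames in a classic pcap file: a 24-byte global header, then a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) before each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, src_ip, dst_ip, protocol) for every IPv4 packet in a
    classic pcap blob. Non-IPv4 frames and truncated records are skipped."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only handles Ethernet captures")

    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 14 + 20:          # shorter than Ethernet + minimal IPv4 header
            continue
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        proto = ip[9]
        src = socket.inet_ntoa(ip[12:16])
        dst = socket.inet_ntoa(ip[16:20])
        yield (ts_sec + ts_usec / 1e6, src, dst, proto)


def summarize(data):
    """Count packets per (src, dst, protocol) triple, the kind of statistic a
    tcpdump post-processing script computes over a capture."""
    counts = {}
    for _ts, src, dst, proto in parse_pcap(data):
        key = (src, dst, proto)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample capture (documentation address ranges, RFC 5737).
SAMPLE_PCAP = build_pcap([
    build_ethernet_ipv4("192.0.2.10", "198.51.100.5", 6, b"\x00" * 20),
    build_ethernet_ipv4("198.51.100.5", "192.0.2.10", 6, b"\x00" * 20),
    build_ethernet_ipv4("192.0.2.10", "198.51.100.5", 6, b"\x00" * 20),
    DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28,  # ARP: skipped
    build_ethernet_ipv4("192.0.2.10", "192.0.2.1", 17, b"\x00" * 8),
])

if __name__ == "__main__":
    for ts, src, dst, proto in parse_pcap(SAMPLE_PCAP):
        print(f"{ts:.6f} {src} -> {dst} proto={proto}")
    for (src, dst, proto), n in sorted(summarize(SAMPLE_PCAP).items()):
        print(f"{n:4d} packets {src} -> {dst} proto={proto}")
```

Reading a real capture is the same call with the file's bytes (`parse_pcap(open("capture.pcap", "rb").read())`); the point of the example is that everything a sniffer records, addresses included, sits in the file in the clear, which is why a capture file needs the same protection as the traffic it was taken from.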
