Sniffers
A sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. A packet sniffer is a program that eavesdrops on network traffic. Just as a telephone wiretap allows one to listen in on other people's conversations, a "sniffing" program lets someone listen in on computer conversations. Sniffing is the act by a machine S of making copies of a network packet sent by machine A and intended to be received by machine B. Once a copy is made, the sniffer program can, time and resources permitting, perform arbitrary computation on the copy, such as displaying it nicely in a GUI window. A sniffer can be used for a good purpose: to audit your own network and to demonstrate the insecurity of plaintext network protocols. A sniffer machine can also be discovered by other network tools.
In this lecture, we consider sniffers where the sniffer (program or machine) S sits network-topologically between A and B. Be aware, however, that it is also possible to route the messages between A and B so that they pass S, even when A and B are on different subnets.
Sniffer activity occurs widely within organizations and is no longer a newsworthy item, so we can find only the following documented examples. In 1994, a sniffer program was installed by unidentified individuals at PANIX (Public Access to UNIX in New York). Within days, thousands of user names and passwords were stolen. Shortly thereafter, a similar incursion was successfully carried out at BarNet in California.
Examples of Sniffers
Below is a select list of example sniffers from the open source archives. Visit http://www.packetstormsecurity.org/ and search for "sniffers." Many of these work on both Linux and Windows.
1. tcpdump: The granddaddy of packet sniffers. Ships by default on many Linux distributions.
2. ethereal: Excellent GUI-based sniffer. It can dissect many protocols.
3. hunt: A well-written sniffer with some attack tools included.
4. Ettercap: Ettercap is a network sniffer for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. It can inject characters to the server (emulating commands) or to the client (emulating replies) while maintaining an established TCP connection.
5. dsniff: As an article puts it, "Dsniff is the Swiss army knife of privacy invasion". The package ships with a handful of nasties: urlsnarf, msgsnarf, mailsnarf, webspy, dsniff, etc.
6. sniffit: Clever little packet sniffer with good filtering. We will be using it in the experiment described below.
What Does Sniffed Data Look Like?
It is easy to grasp the concepts discussed above by watching a sniffer in action. The information in the following example was derived using tcpdump, a program that has been around for quite some time and is available for many platforms. This particular snippet is an abbreviated exchange between a machine and the SecurityFocus Web server.
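As an added example (not from the original post), the following Python dissects a constructed Ethernet II / IPv4 / TCP frame the way tcpdump does and shows why a plaintext HTTP request, credentials included, is fully readable to anyone holding a copy of the packet. The MAC addresses, IP addresses, ports and the Basic credential are constructed sample values, not captured data.

```python
import struct
from dataclasses import dataclass

@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    tcp_flags: int
    payload: bytes

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)
def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def dissect(frame: bytes) -> Packet:
    """Dissect one Ethernet II / IPv4 / TCP frame, as a sniffer such as tcpdump would."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    if ethertype != 0x0800 or ip[9] != 6:        # ethertype IPv4, IP protocol 6 = TCP
        raise ValueError("this example handles only IPv4/TCP frames")
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]  # honours IP length, drops Ethernet padding
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    return Packet(_mac(src_mac), _mac(dst_mac), _ip(ip[12:16]), _ip(ip[16:20]),
                  src_port, dst_port, tcp[13], tcp[data_off:])

def build_frame(payload: bytes) -> bytes:
    """Build a constructed sample frame (not a real capture); checksums are left zero."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH+ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return eth + ip + tcp + payload

# Constructed plaintext HTTP request; the Basic credential is a made-up "user:password".
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: www.securityfocus.com\r\n"
                  b"Authorization: Basic dXNlcjpwYXNzd29yZA==\r\n\r\n")
SAMPLE_FRAME = build_frame(SAMPLE_REQUEST)

if __name__ == "__main__":
    pkt = dissect(SAMPLE_FRAME)
    print(f"{pkt.src_ip}.{pkt.src_port} > {pkt.dst_ip}.{pkt.dst_port}: flags 0x{pkt.tcp_flags:02x}")
    print(pkt.payload.decode())                  # every header, credential included, is readable
```

The same dissection applied to a TLS-protected exchange would yield only the addresses and ports; the application data would be ciphertext, which is the point of the encryption advice below.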
Prevention of Sniffing - Encryption
Encryption is the best protection against any form of traffic interception. It is reasonable to assume that at some point along a path, data can always be compromised. Therefore, your best defense is to ensure that traffic is essentially unreadable to everyone but the intended receiver. This isn't difficult to do, since many organizations have deployed services that make use of Secure Sockets Layer (SSL), Transport Layer Security (TLS) and other methods that provide secure messaging, web browsing and more. Use switches instead of hubs. However, many commercial switches can be "overwhelmed" into behaving as though they are hubs. Use Symantec pcAnywhere when you access remote files or transfer any content; the encryption technology it uses will defeat packet sniffing. Also use Norton Internet Security to block any intrusion.
Sample Script:
http://blog.robbiefoust.com/2007/11/powershell-ip-packet-sniffer-script.html
This document is for educational purposes only.