Packet Sniffing

- By Aarti Dhone
 Introduction
Packet Sniffer Definition:

A packet sniffer is a wire-tap device that plugs

into computer networks and eavesdrops on
the network traffic.
 What are the components of a
packet sniffer?
1. Hardware : standard network adapters .
2. Capture Filter : This is the most important
part . It captures the network traffic from the
wire, filters it for the particular traffic you
want, then stores the data in a buffer.
3. Buffers : used to store the frames captured
by the Capture Filter .
 What are the components of a
packet sniffer?

4. Real-time analyzer: a module in the packet

sniffer program used for traffic analysis and
to shift the traffic for intrusion detection.

5. Decoder : "Protocol Analysis" .

 How does a Sniffer Work?

Sniffers also work differently depending on the

type of network they are in.
1. Shared Ethernet
2. Switched Ethernet
 How can I detect a packet
sniffer?

 Ping method
 ARP method
 DNS method
 Packet Sniffer Mitigation

Host A Host B
Router A Router B

 The following techniques and tools can be used to mitigate sniffers:

 Authentication—Using strong authentication, such as one-time
passwords, is a first option for defense against packet sniffers.
 Switched infrastructure—Deploy a switched infrastructure to counter
the use of packet sniffers in your environment.
 Antisniffer tools—Use these tools to employ software and hardware
designed to detect the use of sniffers on a network.
 Cryptography—The most effective method for countering packet
sniffers does not prevent or detect packet sniffers, but rather renders
them irrelevant.
 Top 11 Packet Sniffers
 Wireshark
 Kismet
 Tcpdump
 Cain and Abel
 Ettercap
 Dsniff
 NetStumbler
 Ntop
 Ngrep
 EtherApe
 KisMAC
Working of Cain & Abel
 What are sniffers used for?
 Detection of clear-text passwords and
usernames from the network.
 Conversion of data to human readable format
so that people can read the traffic.
 Performance analysis to discover network
bottlenecks.
 Network intrusion detection in order to
discover hackers.
 References
 http://netsecurity.about.com/cs/hackertools/a/aa1
21403.htm
 http://e-articles.info/e/a/title/Packet-Sniffing:-
Sniffing-Tools-Detection-Prevention-Methods/
 http://sectools.org/sniffers.html
 http://en.wikipedia.org/wiki/Cain_and_Abel_(softw
are)
 http://www.authorstream.com/Presentation/chin
mayzen-79529-packet-sniffers-education-ppt-
powerpoint/
 http://www.youtube.com/watch?v=O00LENbtiIw
Thank You !
Questions ?