29-12-2012, 12:07 PM
Packet Sniffing
1Packet Sniffing.pptx (Size: 105.41 KB / Downloads: 122)
Introduction
Packet Sniffer Definition:
A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic.
What are the components of a packet sniffer?
1. Hardware : standard network adapters .
2. Capture Filter : This is the most important part . It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
3. Buffers : used to store the frames captured by the Capture Filter .
4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to shift the traffic for intrusion detection.
5. Decoder : "Protocol Analysis" .
How does a Sniffer Work?
Sniffers also work differently depending on the type of network they are in.
Shared Ethernet
Switched Ethernet
Packet Sniffer Mitigation
The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
What are sniffers used for?
Detection of clear-text passwords and usernames from the network.
Conversion of data to human readable format so that people can read the traffic.
Performance analysis to discover network bottlenecks.
Network intrusion detection in order to discover hackers.