Many computer network users, in general, are unfamiliar with the concept of “sniffer”. What is a sniffer, let’s try and determine, in plain language, an unprepared user. But for starters, you still have to delve into the predestination of the term itself.
Sniffer: what is sniffer in terms of English and computer technology?
In fact, it is not at all difficult to determine the essence of such a software or hardware-software complex if you simply translate the term.
This name comes from the English word sniff (sniff). Hence the meaning of the Russian term “sniffer”. What is sniffer in our understanding? “Sniffer”, capable of monitoring the use of network traffic, or, more simply, a spy who can interfere with the work of local or Internet-oriented networks, extracting the information he needs based on access via TCP / IP data transfer protocols.
Traffic analyzer: how does it work?
Let us make a reservation right away: a sniffer, whether it is a software or conditional-software component, is able to analyze and intercept traffic (transmitted and received data) exclusively through network cards (Ethernet). What is it?
The network interface is not always protected by a firewall (again, software or hardware), and therefore the interception of transmitted or received data becomes just a matter of technology.
Inside the network, information is transmitted in segments. Within one segment, it is supposed to send data packets to absolutely all devices connected to the network. Segmented information is forwarded to routers (routers), and then to switches (switches) and hubs (hubs). Information is sent by splitting packets, so that the end user receives all parts of the packet connected together from completely different routes. Thus, “listening” to all potential routes from one subscriber to another or the interaction of an Internet resource with a user can give not only access to unencrypted information, but also to some secret keys that can also be sent in such an interaction process. And here the network interface is completely unprotected, because there is a third party intervention.
Good intentions and malicious goals?
Sniffers can be used to the detriment and for good. Not to mention the negative impact, it is worth noting that such hardware and software systems are often used by system administrators who try to track user actions not only on the network, but also their behavior on the Internet in terms of visited resources, activated downloads to computers, or sending from them .
The technique by which the network analyzer works is quite simple. Sniffer determines the outgoing and incoming traffic of the machine. However, we are not talking about internal or external IP. The most important criterion is the so-called MAC-address, unique to any device connected to the global web. It is on this basis that each machine in the network is identified.
Types of Sniffers
But by type they can be divided into several main ones:
- hardware
- software;
- hardware and software;
- online applets.
Behavioral Detection of a Sniffer Online
You can detect the same WiFi sniffer by the load on the network. If you see that the data transfer or connection is not at the level that the provider claims (or the router allows), you should immediately pay attention to this.
On the other hand, a provider can also launch a software sniffer to track traffic without the user's knowledge. But, as a rule, the user does not even guess about it. But the organization that provides communication and Internet connection services thus guarantees the user complete security in terms of flood interception, self-installing clients of diverse peer-to-peer networks, trojans, spies, etc. But such tools are more likely software and do not have a special effect on the network or user terminals.
Online resources
But an online type traffic analyzer can be especially dangerous. Using sniffers, a primitive computer hacking system is built. The technology in its simplest version boils down to the fact that the cracker is initially registered on a specific resource, then uploads a picture to the site. After confirming the download, a link to an online sniffer is issued, which is sent to a potential victim, for example, in the form of an e-mail or the same SMS message with the text like “You received a congratulation on that. To open a picture (postcard), click on the link ".
Naive users click on the specified hyperlink, as a result of which the recognition and transmission of the external IP address to the attacker is activated. With the appropriate application, he will be able to not only view all the data stored on the computer, but also easily change the system settings from the outside, which the local user will not even guess about, taking this change as a virus exposure. Yes, only the scanner will show zero threats during the scan.
How to protect yourself from data interception?
Whether it is a WiFi sniffer or any other analyzer, there are still protection systems against unauthorized scanning of traffic. There is only one condition: they need to be installed only with full confidence in the “wiretap”.
Such software is most often called "anti-sniffers." But if you think about it, these are the same sniffers that analyze traffic, but block other programs trying to gain unauthorized access.
Hence the legitimate question: is it worth it to install such software? Perhaps hacking it from hackers will do even more harm, or will it itself block what should work?
In the simplest case with Windows systems, it is better to use the built-in firewall (firewall) as protection. Sometimes there may be conflicts with the installed antivirus, but this often applies only to free packages. Professional purchase or monthly activated versions of such shortcomings are deprived.
Instead of an afterword
That's all for the concept of "sniffer." What is sniffer, I think, many have already realized. Finally, the question remains in another: how correctly will such an ordinary user use such things? And you see, among young users you can sometimes notice a tendency to computer hooliganism. They think that hacking someone else's “computer” is something like an interesting competition or self-assertion. Unfortunately, none of them even thinks about the consequences, but it’s very easy to identify an attacker using the same online sniffer by his external IP, for example, on the WhoIs website. However, the location of the provider will be indicated as the location, however, the country and city will be determined exactly. Well, then it’s small: either a call to the provider to block the terminal from which unauthorized access was made, or a legal case. Draw your own conclusions.
With the installed program for determining the location of the terminal from which an access attempt is being made, the situation is even simpler. But the consequences can be disastrous, because not all users use those hehe anonymizers or virtual proxies and do not even have a clue how to hide their IP on the Internet. And it would be worth learning ...