Many computer system users have heard of such a thing as a sniffer. What it is, however, is far from fully understood. In addition, today we can distinguish a very limited circle of people who know how and where such programs and βironβ equipment are used. Let's try to figure out what's what.
Sniffer: what is it?
Let's start with the very definition of the term. To understand the essence of the matter, you just need to start by translating the word "sniffer". What it is? In the literal translation of the English concept, sniffer means "sniffer."
Simply put, this is a program or equipment capable of extracting the necessary information based on traffic analysis in the form of packets of transmitted or received data on the network, whether it is external network IP addresses, encrypted passwords or confidential data. Sniffers themselves can be used to the detriment and for good.
The main types of sniffers
As for the main types of sniffers, this may not necessarily be software installed on a computer terminal, or executed in the form of an online applet.
Often you can find sniffers in the form of "iron" equipment or components that combine both software and physical features. Based on this, the following types are included in the main classification of sniffers:
- software;
- hardware
- hardware and software;
- online components.
In the main classification, we can also distinguish between the direction of analysis. For example, such a variation as a password sniffer is most often encountered, the main task of which is to extract open or encrypted access codes to some information from data packets. There are sniffers that assume only the calculation of the IP addresses of a particular terminal in order to access the user computer and the information stored in it.
How it works?
The technology of intercepting network traffic is applicable exclusively to networks based on TCP / IP protocols and realizable connection via Ethernet network cards. Wireless networks can also be analyzed, all the same, after all, initially in such a system there is a wired connection (to a router, to a distributing laptop or a stationary PC).
Data transmission in the network is carried out not by a single unit, but by means of its separation into standard packages and segments, which upon receipt by the receiving party are combined into a single whole. The sniffer program is able to monitor all possible transmission channels of each segment, and at the time of transfer (forwarding) of unprotected packets to devices connected to the network (routers, hubs, switches, computers or mobile devices), the necessary data is extracted, which may contain the same passwords. Thus, cracking a password becomes a common thing in technology, especially if it is not encrypted.
But even with the use of modern password encryption technologies, it can be transmitted along with the corresponding key. If this is a public key, getting a password is easy. If the key is encrypted, the attacker can easily use some kind of decryptor program, which ultimately will also lead to data hacking.
Where is the network sniffer used?
The scope of use of sniffers is very peculiar. It is not necessary to think that any convenient sniffer in Russian is exclusively a tool of hackers trying to make unauthorized interference in network traffic in order to obtain some important information.
With equal success, sniffers can also be used by providers who, based on their data, analyze the traffic of their users, increasing the security of computer systems. Although such equipment and applications are called anti-sniffers, in fact they are the most common sniffers, as if working in the opposite direction.
Naturally, no one notifies users of such actions on the part of the provider, and there is no particular sense in this. An ordinary user is unlikely to be able to take some kind of countermeasure on their own. And for a provider, traffic analysis is often very important, because it can prevent attempts to interfere with the operation of networks from outside, because by analyzing access to transmitted packets, you can track unauthorized access to them at least on the basis of the same external IP addresses of devices trying to intercept transmitted segments. But this is the simplest example, since the whole technology is much more complicated.
Sniffer presence detection
For now, let us leave aside the concept of βsnifferβ. What it is, is already a little clear, now let's see by what signs you can determine the "wiretap" sniffer yourself.
If everything is in order with the computer system and the network or Internet connection works without failures, the first sign of outside interference is a decrease in the packet transfer rate, compared to the one declared by the provider. In Windows-systems by standard means the average user is unlikely to be able to determine the speed even when the network status menu is called up by clicking on the connection icon. Only the number of packets sent and received is indicated here.
In the same way, the performance in the "Task Manager" displays the necessary information in full, moreover, the decrease in speed can be associated with the limitations of the resource itself, which is accessed. It is best to use special analyzer utilities, which, incidentally, work on the principle of a sniffer. The only thing you need to pay attention to is that programs of this type after installation can cause errors that appear due to conflicts with firewalls (the built-in Windows firewall or third-party programs and hardware of the "iron" type). Therefore, at the time of the analysis, it is advisable to completely disable the protective screens.
Conclusion
That, in fact, is all that relates to such a thing as a sniffer. What is it from the point of view of a hacking tool or protection, in principle, should be clear. It remains to add a few words about online applets. They are mostly used by attackers to obtain the victim's IP address and access to confidential information. In addition to the fact that such an online sniffer performs its direct function, the IP address of the attacker also changes. In this regard, such applets are somewhat reminiscent of anonymous proxy servers that hide the real user IP. For obvious reasons, data on such Internet resources are not provided, since interference with the work of other people's computers using these seemingly officially posted programs is illegal and criminally punishable.