We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Networking

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is a Packet Sniffer?

By R. Kayne
Updated: May 16, 2024
Views: 85,071
Share

A packet sniffer is a device or program that allows the user to eavesdrop on traffic traveling between networked computers. The program will capture data that is addressed to other machines, saving it for later analysis.

All information that travels across a network is sent in "packets." For example, when an email is sent from one computer to another, it is first broken up into smaller segments. Each segment has the destination address attached, the source address, and other information such as the number of packets and reassembly order. Once they arrive at the destination, the packet's headers and footers are stripped away, and the packets are reconstituted.

In the example of the simplest network where computers share an Ethernet wire, all packets that travel between the computers are "seen" by every computer on the network. A hub broadcasts every packet to every machine or node on the network, then a filter in each computer discards packets not addressed to it. A packet sniffer disables this filter to capture and analyze some or all packets traveling through the Ethernet wire, depending on the sniffer's configuration. This is referred to as "promiscuous mode." As a result, if Ms. Wise on Computer A sends an email to Mr. Geek on Computer B, software set up on Computer D could passively capture their communication packets without either Ms. Wise or Mr. Geek knowing. This type of sniffing is very hard to detect because it generates no traffic of its own.

A slightly safer environment is a switched Ethernet network. Rather than a central hub that broadcasts all traffic on the network to all machines, the switch acts like a central switchboard: it receives packets directly from the originating computer, and sends them directly to the machine to which they are addressed. In this scenario, if Computer A sends an email to Computer B, and Computer D is in promiscuous mode, it still won't see the packets. Some people mistakenly assume a packet sniffer cannot be used on a switched network.

There are ways to hack the switch protocol, however. A procedure called ARP poisoning basically fools the switch to substituting the machine with the sniffer for the destination machine. After capturing the data, the packets can be sent to the real destination. The other technique is to flood the switch with MAC (network) addresses so that the switch defaults into "failopen" mode. In this mode it starts behaving like a hub, transmitting all packets to all machines to make sure traffic gets through. Both ARP poisoning and MAC flooding generate traffic signatures that can be detected with the right software.

These programs can also be used on the Internet to capture data traveling between computers. Internet packets often have very long distances to travel, passing through several routers that act like intermediate post offices. A sniffer might be installed at any point along the way, and it could also be clandestinely installed on a server that acts as a gateway or collects vital personal information.

A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other useful purposes. In the wrong hands, however, this software can capture sensitive personal information that can lead to invasion of privacy, identity theft, and other serious problems.

The best defense against eavesdropping is a good offense: encryption. When strong encryption is used, all packets are unreadable to any but the destination address. Other programs can still capture packets, but the contents will be undecipherable. This illustrates why it is so important to use secure sites to send and receive personal information, such as name, address, passwords, and certainly any credit card information or other sensitive data. A website that uses encryption starts with https, and email can be made secure by encrypting with a program, some of which come with plug-ins for major email programs.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
By anon343592 — On Jul 31, 2013

Can someone use a packet sniffer to detect .dats on log files?

By anon258674 — On Apr 02, 2012

So how does this relate to halo?

By anon144800 — On Jan 20, 2011

article is easy to understand. thanks for detailed information.

By anon127373 — On Nov 16, 2010

Very helpful. thanks.

By anon96356 — On Jul 15, 2010

thanks for the article.

By anon63298 — On Jan 31, 2010

Please tell me how to use this Packet sniffer tool.

Share
https://www.easytechjunkie.com/what-is-a-packet-sniffer.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.