Packet Sniffer
[author:yung www.colasoft.com Public time:Jun 28, 2007] |
|
A "packet sniffer" is a utility that sniffs without modifying the network's packets in any way. By comparison, a firewall sees all of a computer's packet traffic as well, but it has the ability to block and drop any packets that its programming dictates. packet sniffers merely watch, display, and log this traffic.
One disturbingly powerful aspect of packet sniffers is their ability to place the hosting machine's network adapter into "promiscuous mode." Network adapters running in promiscuous mode receive not only the data directed to the machine hosting the sniffing software, but also ALL of the traffic on the physically connected local network. Unfortunately, this capability allows packet sniffers to be used as potent spying tools. This is obviously not an activity that I wish to promote on this site, and if non-promiscuous sniffing software were available I would be recommending it. But, unfortunately, all of the tools I have located avidly feature promiscuous sniffing capabilities.
A packet sniffer is a device or program that allows eavesdropping on traffic traveling between networked computers. The packet sniffer will capture data that is addressed to other machines, saving it for later analysis.
All information that travels across a network is sent in "packets." For example, when an email is sent from one computer to another, it is first broken up into smaller segments. Each segment has the destination address attached, the source address, and other information such as the number of packets and reassembly order. Once they arrive at the destination, the packet's headers and footers are stripped away, and the packets reconstituted.
In the example of the simplest network where computers share an Ethernet wire, all packets that travel between the various computers are "seen" by every computer on the network. A hub broadcasts every packet to every machine or node on the network, then a filter in each computer discards packets not addressed to it. A packet sniffer disables this filter to capture and analyze some or all packets traveling through the ethernet wire, depending on the sniffer's configuration. This is referred to as "promiscuous mode." Hence, if Ms. Wise on Computer A sends an email to Mr. Geek on Computer B, a packet sniffer set up on Computer D could passively capture their communication packets without either Ms. Wise or Mr. Geek knowing. This type of packet sniffer is very hard to detect because it generates no traffic of its own.
A slightly safer environment is a switched Ethernet network. Rather than a central hub that broadcasts all traffic on the network to all machines, the switch acts like a central switchboard. It receives packets directly from the originating computer, and sends them directly to the machine to which they are addressed. In this scenario, if Computer A sends an email to Computer B, and Computer D is in promiscuous mode, it still won't see the packets.
Otherinfo:http://www.colasoft.com/resources/packet_sniffer.php
http://www.colasoft.com
Printed From:http://www.free-press-release.com/news/200706/1183010257.html
Source:Free Press Release
Similar news >>
PacTex and Havasu Pipelines start open season for shipping contracts to Phoenix and Las Vegas. [Jul 11, 2007]
PackPal Folder Locker is a password protected software which can encrypt your files in seconds.
[May 19, 2007]
Packet Analyzer CAPSA: Handy Tool for Network Troubleshooting, Network Usage and Performance Monitor [Apr 11, 2007]
|
|
