A Sniffer is a program or tool that captures information over a network. There are 2 types of Sniffers: Commercial Sniffers and Underground Sniffers.
- Commercial Sniffers –
Commercial sniffers are used to maintain and monitor information over the network. These sniffers are used to detect network problems. Network General Corporation (NGC) is a company that offers commercial sniffers. These can be used for:
- Fault analysis to detect problems in a network.
- Performance analysis to detect network bottlenecks.
- Underground Sniffers –
Underground sniffers are malicious programs used by hackers to capture information over a network. When an underground sniffer is installed on a router, it can breach the security of any network whose traffic passes through the router. It can capture:
- Confidential messages like email.
- Financial data like debit card details.
Components of a Sniffer:
To capture information over the network, a sniffer uses the following components:
- Hardware –
Sniffers use standard network adapters to capture network traffic.
- Capture Driver –
The capture driver captures network traffic from the Ethernet wire, filters that traffic for the information you want, and then stores the filtered information in a buffer.
- Buffer –
When a sniffer captures data from a network, it stores data in a buffer. There are 2 ways to store captured data –
- Store data until the buffer is filled with information.
- Use the round-robin method, in which data in the buffer is always replaced by new data that is captured.
- Decoder –
The information that travels over the network is in binary format, which is not readable. You can use a decoder to interpret this information and display it in a readable format. A decoder helps you analyze how information is passed from one computer to another.
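The capture driver, buffer and decoder described above can be seen working together in the following added example, which is not code from any of the sniffers named on this page. It runs offline on constructed Ethernet/IPv4 frames; the function names, the addresses and the choice to filter by protocol are assumptions made for illustration.

```python
import struct
from collections import deque

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def make_frame(src_ip, dst_ip, proto):
    """Build a constructed Ethernet + IPv4 frame (sample data, not a real capture)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip

def decode(frame):
    """Decoder: binary frame -> readable fields; None if truncated or not IPv4."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 header
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        return None
    return {"src": ".".join(map(str, frame[26:30])),
            "dst": ".".join(map(str, frame[30:34])),
            "proto": PROTO.get(frame[23], str(frame[23]))}

def capture(frames, wanted_proto, buffer_size, round_robin):
    """Capture driver: filter decoded frames, then store them in the buffer."""
    # Round robin: a bounded deque silently discards the oldest entry when full.
    buf = deque(maxlen=buffer_size) if round_robin else []
    for frame in frames:
        pkt = decode(frame)
        if pkt is None or pkt["proto"] != wanted_proto:
            continue                         # filtered out before buffering
        if round_robin or len(buf) < buffer_size:
            buf.append(pkt)                  # fill mode stops storing once full
    return [p["src"] for p in buf]

# Constructed input: five TCP frames, one UDP frame, one truncated frame.
SAMPLE = [make_frame(f"10.0.0.{i}", "10.0.0.254", 6) for i in range(1, 6)]
SAMPLE.insert(2, make_frame("10.0.0.9", "10.0.0.254", 17))
SAMPLE.append(b"\x00" * 10)

if __name__ == "__main__":
    print("fill until full:", capture(SAMPLE, "TCP", 3, round_robin=False))
    print("round robin:    ", capture(SAMPLE, "TCP", 3, round_robin=True))
```

With a three-entry buffer, the fill-until-full mode keeps the first three matching frames and misses everything later, while round robin keeps only the most recent three.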
Placement of Sniffer:
The most common places where you can place sniffers are:
- Cable wires
- Network segments connected to internet
Some common sniffer programs are: Ethereal, TCPDump, Snort.