A network sniffer is a powerful utility program used primarily to monitor network traffic in real time by capturing the packets of data entering and leaving a computer connected to a network. The captured data is analyzed to identify and resolve network problems, manage network traffic and detect hackers, who also use network sniffers to carry out malicious activities on a network. Those activities include cracking users' coded names or identification numbers and passwords in order to facilitate computer fraud, such as the transfer of funds from one account to another and other illegal transactions.
Network sniffers come in two basic types: portable and distributed. Portable sniffers are standalone systems that can be set up on a personal computer, and distributed sniffers are systems installed by large organizations with an extensive network that is managed and controlled through a network operations center. Network sniffers work by switching the network interface card (NIC) to promiscuous mode, so that the NIC no longer ignores frames that are not addressed to it. The NIC instead passes all of the data it receives to the kernel, which is the heart of a computer's operating system and the link between applications and the data processing done at the hardware level. For network security reasons, only a superuser or administrator is allowed to switch the NIC to promiscuous mode.
The purpose of network sniffers is to enhance the performance of a computer network. The proliferation of hackers who use network sniffers for their own malicious ends, and even for organized computer crime, has nevertheless given network sniffers a bad reputation and has given network administrators more reason to think about network security. Network sniffers are still necessary to maintain the efficiency of a network, so the only recourse is to combat hackers by shielding the network from unauthorized sniffing and other malicious manipulation.
Network administrators can protect their network environment from network spies or hackers by using anti-sniffing software. These programs scan the network regularly to check which NICs are running in promiscuous mode. Another security option is to move to a switched network environment, so that the packets of data that travel within the network are delivered only to the computer of the intended user.
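A host-side version of the promiscuous-mode check described above, as an added example that is not part of the original article. It inspects only the local machine's interfaces rather than scanning the network, and it assumes a Linux host that exposes interface flags under /sys/class/net; the function names are illustrative.

```python
"""Report which local Linux interfaces have the promiscuous flag set."""
import os
import sys

IFF_PROMISC = 0x100  # "receive all frames" bit, as defined in linux/if.h


def read_flags(iface_dir):
    """Return the integer flag word for one interface, or None if unreadable."""
    try:
        with open(os.path.join(iface_dir, "flags")) as fh:
            return int(fh.read().strip(), 16)  # file holds hex, e.g. 0x1103
    except (OSError, ValueError):
        return None


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Map interface name -> True, False, or None (flags could not be read)."""
    result = {}
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return result  # not Linux, or sysfs is not mounted
    for name in names:
        iface_dir = os.path.join(sysfs_root, name)
        if not os.path.isdir(iface_dir):
            continue  # skip plain files such as bonding_masters
        flags = read_flags(iface_dir)
        result[name] = None if flags is None else bool(flags & IFF_PROMISC)
    return result


def main():
    findings = promiscuous_interfaces()
    labels = {True: "PROMISCUOUS", False: "normal", None: "unknown"}
    for name, promisc in findings.items():
        print(f"{name}: {labels[promisc]}")
    # A non-zero exit status lets a scheduled job or monitoring agent alert.
    return 1 if any(v is True for v in findings.values()) else 0


if __name__ == "__main__":
    sys.exit(main())
```

An interface reported as promiscuous is not necessarily hostile, since bridges, virtual machine hosts and authorized captures also set the flag; the result is a starting point for review against what is expected on that host.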
A more reliable form of network security is data encryption. The data in a packet is converted into an unreadable form, except for the source and destination addresses, which stay readable so that the packet reaches the correct recipient. Reading the data requires decryption on the receiving end. The data that a hacker will see, therefore, is limited to the addresses of the sender and the recipient.