What is Network Sniffing?

Network sniffing is a method of using specialized hardware and software to access information that isn’t being sent to someone or analyzing networks to which individuals don’t have legitimate access. Most sniffers work by analyzing data packets. Depending on which type of network sniffing is being used, the sniffer can read these packets both inside and outside a network. While network sniffing does have several legitimate uses, it is generally associated with the hacking community.

After information is sent over a network, it is broken up into packets. These packets contain a small amount of the information, the addresses of the receiver and sender and some technical data. Specialized hardware or software can intercept and copy these packets. Once she has a copy, a user is able to open the packet and read the information and addresses.

When done from inside a network, this is usually an internal security and troubleshooting method. System administrators will randomly monitor packets to make sure that the intended addressee is not attempting to circumvent Internet security protocols or access blocked locations. With this form of network sniffing, typically only the addresses are read.

If used as an internal network troubleshooting method, packets are analyzed in streams, often from across an entire network switch. Packets are checked for degradation in data or missing sequences. If there are any problems, then the network likely has a faulty piece of hardware. Additional locations are tested using similar methods until the faulty piece is found.

External network sniffing has two basic areas; wireless and wired. Wireless sniffing involves physically moving around and looking for wireless hotspots. Packet analyzers are used on outgoing information across the wireless system to find the types of hardware used for broadcast. It is then possible to find its default login information and access the security capabilities and vulnerabilities of that specific piece of hardware.

Wired sniffing is usually done for one of two reasons. The more common reason is to attempt to find information related to the network that the packets originate from or are destined to go to. By analyzing the addresses and packet information, a person can learn about internal network hardware and specific addresses. This may highlight a security vulnerability or a previously unknown method of entering the network.

The other main reason to intercept wired packets is for information theft. The packets contain a small amount of information. While this information is lightly encoded, it is far from secure. People can open the packets and search through the data for important information. Some systems have greater internal security, such as online credit card systems, that prevent data from being stolen in this manner.