Wireless sniffing is the practice of eavesdropping on communications within a wireless network by using special software or hardware tools. Sniffing is more intrusive than wireless stumbling, which is looking for the presence of wireless networks. The motives behind wireless sniffing can range from troubleshooting to a malicious attack against a network or individual.
Both wired and wireless networks can be monitored or sniffed. Wireless networks generally are easier to sniff because they use radio signals as a method of communication. An attacker could, for example, sit in a car outside a home or business and sniff a wireless network.
Computer networks divide information into pieces called frames. Inside these frames are data packets. Wireless sniffing might target frames, packets or both.
Targeting frames can reveal the presence of a wireless base station that is set up to remain hidden, and it even can be used to crack older wireless encryption standards. Packet sniffing, which can also be called Internet provider (IP) sniffing, can be used to monitor e-mail or other data being sent over a wireless network by others. It also can help a network administrator watch for and diagnose network problems.
To sniff wireless networks, special software known as a sniffer is used to monitor network traffic. Networked computers and devices typically look only at frames and packets that are addressed to them. Sniffing software looks at all frames or packets, regardless of which computer the information is intended for. The wireless card or chipset and drivers that are used must be capable of this, and they must be compatible with the software used.
Wireless sniffing typically has two types of modes: monitor mode and promiscuous mode. In monitor mode, a wireless adapter is instructed to listen for the radio messages broadcast by other wireless devices without broadcasting any messages of its own. This type of sniffing is nearly impossible to detect because the attacker does not broadcast any messages. In promiscuous mode, a sniffer becomes associated with a particular wireless access point. This allows all data on the access point to be monitored, but it could expose the sniffer.
Sometimes a malicious intruder will use information gathered during a wireless sniffing session to imitate another machine. This is known as spoofing. Wireless sniffing can be used to enhance security as well. Wireless sniffing also can be used to perform intrusion detection — watching for attackers or intruders on a network.