Packet sniffing is the process of capturing packets, generally the packets travelling on a computer network. Packet sniffing may seem very simple, but in reality it involves a lot of complexity related to protocols, network media, etc.
Packet Capture or Packet Sniffing
Before starting to learn what packet sniffing is, we have to settle the difference between packet capture and packet sniffing. Actually, there is no difference: the terms Packet Capture and Packet Sniffing refer to the same action. When talking about the tools, however, the term Packet Capture Tools is generally used.
What Is Packet Sniffing?
Modern computer networks are built to transmit data between different hosts, systems and networks in packets. Many protocols have been created to transmit these packets, but the most popular is TCP/IP. Ethernet and WiFi protocols are also used to carry packets from one hop to the next. Even though these protocols are designed to deliver packets to the specified destination, there are ways to capture or sniff them. Sniffed data contains protocol data and user data. Protocol data carries the source and destination addresses, packet number, packet size, CRC and similar fields that the protocol needs in order to deliver the packet.
Packet Sniffing Methods and Ways
Packet sniffing generally occurs at Layer 2, which covers protocols like Ethernet, WiFi, Bluetooth, etc. Packets of the local system or of a remote system can be sniffed with different methods:
- The `Man In The Middle` method impersonates the target's MAC address so that packets meant for the target are redirected to the attacker's system.
- `Promiscuous` mode makes the local network interface deliver every packet it receives, not only the packets addressed to the local system.
Why Packet Sniffing?
Packet sniffing is a very popular method, used by different actors for different reasons.
- `Governments` can sniff packets to gain legal evidence in a case
- `Technical Person` can sniff packets to get detailed information about the network traffic
- `Network Administrator` can sniff packets to find a problem and solve it
- `Hacker` can sniff packets to gain valuable information about the target
- `Security Person` can sniff packets to detect attacks
- `Compliance Manager` can sniff packets in order to detect compliance breaches
Packet sniffing is very popular in the IT industry, and over time a lot of packet sniffing/capturing software has been created. Some of it is free and some is paid. Here we list popular packet sniffing software.
Wireshark is the most popular and best-known packet sniffer. It is free and supports hundreds of network protocols. It can do both live capture and offline analysis. Wireshark provides very detailed search and filter features, where every packet can be filtered according to its different attributes like size, source and destination address, type, number, etc.
Tshark is the network protocol sniffer and analyzer that forms the backend of Wireshark. Tshark is a command-line tool similar to tcpdump and provides Wireshark's features from the command line.
tcpdump is another popular command-line packet capturing tool. It is mainly used from the command line for troubleshooting problems and is provided by default on many platforms. tcpdump also provides very powerful packet filtering options.
Kismet is not just a packet sniffer; it provides a number of different wireless-related functions. Kismet is used to detect and sniff wireless networks and to crack wireless SSID passwords. Kismet was mainly developed for WiFi or wireless networks.
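To show what the offline side of these tools actually does, here is an added example written for this article; it is not code from Wireshark, Tshark, tcpdump or Kismet. It is a small Python parser for the libpcap file format those tools write, decoding the Ethernet, ARP, IPv4 and TCP protocol data described in the "What Is Packet Sniffing?" section, a field filter in the spirit of Wireshark display filters, and a check for the Layer 2 `Man In The Middle` method from the methods section (one IP address answered for by two different MAC addresses), which is the kind of check the "Security Person can sniff packets to detect attacks" item refers to. Every frame is constructed inline using documentation addresses (192.0.2.0/24, 198.51.100.0/24 and made-up MACs), so the capture is a constructed sample, not a real trace; the helper names, the field names in the decoded dictionaries and the IP checksum left at zero are all choices made for this example. Live capture, which needs promiscuous mode and root privileges, is out of scope here.

```python
import struct
from collections import defaultdict

# ---- helpers to build the constructed sample capture (sample data, not a real trace) ----
def mac(text): return bytes.fromhex(text.replace(":", ""))
def ip(text): return bytes(int(octet) for octet in text.split("."))
def fmt_mac(raw): return ":".join(f"{b:02x}" for b in raw)
def fmt_ip(raw): return ".".join(str(b) for b in raw)

def ethernet(dst, src, ethertype, payload):
    """Ethernet II frame: destination MAC, source MAC, EtherType, payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """ARP reply (opcode 2) for Ethernet/IPv4: htype 1, ptype 0x0800, hlen 6, plen 4."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))

def ipv4_tcp(src_ip, dst_ip, sport, dport, payload=b""):
    """Minimal IPv4 header (protocol 6, checksum left at 0) plus a 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                       ip(src_ip), ip(dst_ip))
    return ipv4 + tcp

def pcap(frames):
    """libpcap file: 24-byte global header (link type 1 = Ethernet) followed by records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

# ---- the sniffer side: read a pcap file and decode each frame's protocol data ----
def decode_frame(number, ts, size, frame):
    """Decode Ethernet -> ARP or IPv4 -> TCP headers into one flat dict of fields."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    pkt = {"number": number, "time": ts, "size": size, "type": ethertype,
           "src_mac": fmt_mac(src), "dst_mac": fmt_mac(dst), "proto": "other"}
    if ethertype == 0x0806 and len(frame) >= 42:
        oper, sha, spa, tha, tpa = struct.unpack_from("!6xH6s4s6s4s", frame, 14)
        pkt.update(proto="ARP", arp_op=oper, sender_mac=fmt_mac(sha),
                   sender_ip=fmt_ip(spa), target_ip=fmt_ip(tpa))
    elif ethertype == 0x0800 and len(frame) >= 34:
        vihl, proto, src_ip, dst_ip = struct.unpack_from("!B8xB2x4s4s", frame, 14)
        ihl = (vihl & 0x0F) * 4            # header length in bytes, options included
        pkt.update(proto="IPv4", ip_proto=proto, src_ip=fmt_ip(src_ip), dst_ip=fmt_ip(dst_ip))
        if proto == 6 and len(frame) >= 14 + ihl + 4:
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            pkt.update(proto="TCP", sport=sport, dport=dport)
    return pkt

def read_pcap(data):
    """Yield decoded packets from pcap bytes; handles both byte orders of the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are supported")
    offset, number = 24, 0
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        number += 1
        yield decode_frame(number, ts_sec + ts_usec / 1e6, orig_len, frame)

def filter_packets(packets, **criteria):
    """Keep packets whose decoded fields equal every criterion, e.g. proto="TCP", dport=443."""
    return [p for p in packets if all(p.get(k) == v for k, v in criteria.items())]

def find_arp_conflicts(packets):
    """Map each IP that ARP replies attribute to more than one MAC to the sorted MAC list.
    Two stations answering for one IP is the classic sign of the Layer 2 MITM method."""
    claims = defaultdict(set)
    for p in packets:
        if p.get("proto") == "ARP" and p["arp_op"] == 2:
            claims[p["sender_ip"]].add(p["sender_mac"])
    return {addr: sorted(macs) for addr, macs in claims.items() if len(macs) > 1}

# Constructed sample capture: documentation addresses and made-up MACs, not real hosts.
GATEWAY_MAC, GATEWAY_IP = "00:11:22:33:44:01", "192.0.2.1"
CLIENT_MAC, CLIENT_IP = "00:11:22:33:44:02", "192.0.2.10"
ROGUE_MAC = "00:11:22:33:44:99"
SAMPLE_PCAP = pcap([
    ethernet(CLIENT_MAC, GATEWAY_MAC, 0x0806, arp_reply(GATEWAY_MAC, GATEWAY_IP, CLIENT_MAC, CLIENT_IP)),
    ethernet(GATEWAY_MAC, CLIENT_MAC, 0x0800, ipv4_tcp(CLIENT_IP, "198.51.100.5", 40000, 443)),
    ethernet(CLIENT_MAC, GATEWAY_MAC, 0x0800, ipv4_tcp("198.51.100.5", CLIENT_IP, 443, 40000, b"x" * 100)),
    # a second station answering for the gateway's IP with its own MAC
    ethernet(CLIENT_MAC, ROGUE_MAC, 0x0806, arp_reply(ROGUE_MAC, GATEWAY_IP, CLIENT_MAC, CLIENT_IP)),
])

def decode_sample():
    """Decode the constructed capture; returns the list of packet dicts."""
    return list(read_pcap(SAMPLE_PCAP))

if __name__ == "__main__":
    pkts = decode_sample()
    for p in pkts:
        print(p["number"], p["proto"], p["size"], "bytes", p["src_mac"], "->", p["dst_mac"])
    print("TCP to port 443:", [p["number"] for p in filter_packets(pkts, proto="TCP", dport=443)])
    print("IPs claimed by more than one MAC:", find_arp_conflicts(pkts))
```

Running the script decodes four frames, reports frame 2 as the only TCP packet to port 443, and flags 192.0.2.1 as claimed by two MAC addresses. The same file can be opened in Wireshark, where the display filter `tcp.dstport == 443` selects the same frame and the "Duplicate IP address detected" expert info raises the same ARP warning; the point of the example is that every field those tools filter on (size, addresses, type, number) is plain protocol data sitting in the captured bytes.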