A sniffer is a traffic analyzer capable of intercepting information intended for other nodes. Sniffers can collect information for a short time, grab just a few bytes of a packet, or capture an entire session.
A sniffer, or traffic analyzer, is a special program that is capable of intercepting and/or analyzing network traffic destined for other nodes. Information travels over the network in packets, from the user's machine to the remote machine, so a sniffer installed on an intermediate computer will capture passing packets before they reach the target.
The way one sniffer works can differ significantly from another. A typical packet starts from the user's PC and then travels through each computer in the network, passing the "neighboring computer" and "the computer equipped with a sniffer", and ending at the "remote computer". An ordinary machine pays no attention to a packet that is not intended for its IP address, whereas a machine with a sniffer ignores this rule and intercepts any packet that is in its "field of activity". A sniffer is the same thing as a network analyzer, but security companies and the Federal Government prefer to use one word for it.
Passive attack
Hackers everywhere use this tool to monitor transmitted information, and this is nothing more than a passive attack. That is, there is no direct intrusion into someone else's network or computer, but there is an opportunity to obtain the desired information and passwords. Unlike an active attack, such as buffer overflows on remote hosts or network floods, a passive sniffer attack cannot be detected. Traces of its activity are not recorded anywhere. Nevertheless, the nature of its actions leaves no room for ambiguity.
This tool can capture any type of information transmitted on the network: passwords, e-mail addresses, confidential documents, etc. Moreover, the closer the sniffer is installed to the host machine, the more opportunities it has to obtain secret information.
Sniffer types
The sniffers used most often are those that sample information for a short time and work in small networks. The reason is that a sniffer that monitors packets constantly consumes a lot of CPU power, which can lead to its detection. In large networks, sniffers operating on high-volume data transfer protocols can generate up to 10 MB per day if they log all conversational traffic, and if mail is processed as well, the volumes can be even greater. There is also a type of sniffer that records only the first few bytes of a packet in order to capture a username and password. Some sniffers hijack the entire session and obtain the key. The type of sniffer is chosen depending on the capabilities of the network and the desires of the hacker.