Sniffing is an eavesdropping technique used mostly by hackers to capture passwords, emails, instant messages (IM), and other sensitive information you send across a wireless network or wired hub. Sniffing is a widespread attack that even the most novice of hackers can execute. It’s also a very stealthy attack that will go unnoticed by many users.
This article will offer a basic understanding of sniffing, and after reading it, you will know how hackers can read your traffic and what steps you can take to prevent this from happening.
What is a Sniffing Attack?
A sniffing attack, otherwise known as a packet sniffing or eavesdropping attack, allows an attacker to intercept all information passed over a wired or wireless network. This includes sensitive data that was not meant for them: the attacker can view, record, and store all the information you send across a network.
A hacker can use a network interface card (NIC) to allow them to listen, watch and capture traffic that passes over a wired or wireless connection. It’s important to note that wireless networks will be the primary focus of this article. However, you can perform a sniffing attack on a wired connection by using special hardware, software, or a USB network interface card.
The attacker installs the sniffing hardware on your computer, whether on the wired or the wireless connection. In some cases, an attacker can instead remotely install the software on another computer that they are able to get into. This allows them to track all data sent through that specific NIC.
For example, when you visit a website and log in to your account, the attacker will be able to see your username and password. They can then use it for their own gain, such as logging into your personal accounts or selling it on the black market.
What are the Different Types of Sniffing?
Sniffing can often be broken down into two different categories. These are passive sniffing and active sniffing.
Active sniffing is done by directly connecting a NIC to the wired or wireless network. In many cases, this requires the attacker to physically access the network, making it very easy to trace and detect. This type of sniffing is often called “line-injection” and can be captured using special hardware such as AirPcap.
Passive sniffing is a bit trickier to detect and often goes unnoticed by many users. In this type of attack, the NIC is not directly connected but reads all network traffic wirelessly. This can be done even if you are unaware that your wireless connection has been compromised. Hackers will use software such as Kismet and AirMagnet to do passive sniffing.
If you are using a wireless adapter card, hackers can install special software on your computer and configure it to be used as an access point (AP). This works by tricking your computer into thinking that the AP is your default gateway, and it completely takes over all communication. After this has been done, hackers will then obtain all traffic within range of the AP, and it will be displayed on their computer as if they were connected to the network.
Active sniffing is a more advanced form of sniffing attack. However, passive sniffing can be just as dangerous, and many users have been victims of this type of attack without even knowing it until after the fact.
What are Network Sniffers Used For?
Network sniffers are a network administrator’s dream tool. Network administrators work day in and day out to maintain the efficiency of their networks, from connecting local area networks with routers, to monitoring bandwidth utilization, setting an access point for wireless devices, managing services running on multiple servers across geographically disparate locations, and so much more. A network sniffer makes the job easier by providing information that would otherwise be extremely difficult to obtain. For example, for a network administrator, or anyone else for that matter, to effectively troubleshoot a network issue, they need to have access to statistics about their network’s performance, including:
What Protocols Are Being Utilized or How Often Are They Being Used
For example, does your file transfer protocol of choice (FTP) constantly run during business hours at a rate of 10 megabits/second only to drop off once everyone has gone home for the day? This can indicate bandwidth consumption caused by employees not turning off their computers properly when leaving work.
For example, if you notice that one computer uses 100% of your available bandwidth all day long, but nobody is on it, you may want to troubleshoot the system. Perhaps the machine is infected with malware; maybe it has been hijacked by hackers seeking to use your network’s resources for their own uses (such as sending spam emails or participating in illegal activities); or perhaps the user isn’t aware of all the programs they have running at startup, which are automatically seeking out data across unsecured networks.
How Often Are Computers Connecting to Internet Resources Outside of Your Network?
This can indicate employee wrongdoing, such as downloading copyrighted works or proprietary information without permission. It can also be attributed to malware infections which force machines to connect to malicious or criminal servers across the internet.
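The three statistics described above (protocol mix, per-host bandwidth, and connections leaving the network) can be computed from a saved capture file. The following is an added example, not part of the original article: it reads the classic pcap format with the Python standard library, and the function names, the 192.168.1.0/24 local range and the sample packets are constructed assumptions.

```python
import ipaddress
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data, local_net="192.168.1.0/24"):
    """Return (bytes per protocol, bytes per local sender, outbound external flows)."""
    net = ipaddress.ip_network(local_net)
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    by_proto, by_host, external = Counter(), Counter(), Counter()
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len, orig_len = struct.unpack(endian + "II", data[pos + 8:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue  # truncated record, or not IPv4 over Ethernet
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        by_proto[PROTO_NAMES.get(frame[23], str(frame[23]))] += orig_len
        if src in net:
            by_host[str(src)] += orig_len  # bandwidth sent by each local machine
            if dst not in net:
                external[(str(src), str(dst))] += 1  # local host talking to the outside
    return by_proto, by_host, external

def make_frame(src, dst, proto, size):
    """Constructed Ethernet + IPv4 frame padded to `size` bytes (sample data only)."""
    ip = bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(5) + bytes([proto, 0, 0])
    ip += ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\x00")

def build_sample():
    """Constructed capture; all addresses are made up for this example."""
    packets = [("192.168.1.10", "192.168.1.1", 17, 80),
               ("192.168.1.10", "192.168.1.20", 6, 200),
               ("192.168.1.66", "203.0.113.7", 6, 1400),
               ("192.168.1.66", "203.0.113.7", 6, 1400),
               ("203.0.113.7", "192.168.1.66", 6, 60)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, proto, size) in enumerate(packets):
        out += struct.pack("<IIII", i, 0, size, size) + make_frame(src, dst, proto, size)
    return out
```

Calling `summarize_pcap(build_sample())` shows 192.168.1.66 as the heaviest local sender and the only host with flows to an address outside the local range.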
How to Protect Yourself from Sniffing Attacks?
Unfortunately, the only way to protect yourself from sniffing attacks is to use an encrypted connection. However, using encrypted connections can be very cumbersome and time-consuming for users who need constant access to unencrypted networks (such as in an office environment).
- Since this is not possible for all situations, what can you do? You can prevent people from listening in on your wireless network by not advertising its presence, which will deter most casual hackers. Hackers with more advanced skills might still get through, but it will certainly help if you are trying to keep things private while still allowing employees to move around the office freely while connected wirelessly.
- The next thing you should consider is disabling the automatic discovery of wireless networks so that anyone looking for yours will have a more challenging time finding it. If they can’t find it, then they can’t access it. Not broadcasting your SSID is a simple security measure that anyone can take to help protect their wireless network from sniffing attacks.
- Lastly, if you have a business partner or a friend who needs temporary access to the internet through your wireless router, consider setting up a guest account for them so that they have limited access to resources on your network. This way, even if someone does gain access through the guest account, they won’t be able to do as much damage as if they had full administrator privileges. In addition, all of this information will be used against you only if somebody with malicious intent has physical (or remote) access to one of your machines, which makes these steps more effective.
- Finally, you should keep an eye on your bandwidth usage to ensure that one computer is not hogging your network’s resources during business hours, which may indicate malware or other forms of wrongdoing.
The information above is simply an overview of wireless sniffing attacks. For additional information regarding protecting your network, I recommend you discuss this with a local (or virtual) IT consultant who can properly assess your situation and provide the necessary steps towards securing your wireless network.