When you compose an email and press send, type in the URL of a website in your browser, or post a new update in your social media app, your information is broken down into packets of data and sent to its destination, whether it’s a computer in the next room or a server sitting in a data center thousands of miles away.
However, you and the receiving end are not the only parties that will have access to the data. While your information travels through the veins of your local network and the internet, it can be picked up by packet sniffers.
What is a packet sniffer?
Packet sniffers, also known as packet or protocol analyzers, are tools that can intercept and log the traffic running on the networks they’re connected to. They can be bought as specialized hardware or as software that is installed on computers and uses the host device’s network interface to monitor network traffic. Wireshark is a popular open-source packet-sniffing program.
How does a packet sniffer work?
On wired networks, depending on the type and configuration of switches used, packet sniffers will have access to all or a segment of the information that is being exchanged. On wireless networks, packet sniffers can only scan one channel at a time, unless the device running the software has multiple wireless network interfaces.
Packet sniffers can reveal a lot of information, such as which services and websites you’re visiting, and possibly what information you’re sending and receiving.
Who uses packet sniffers?
Packet sniffers were originally intended for administrative uses. Network administrators use packet sniffers to monitor corporate networks and perform diagnostic tests or troubleshoot problems.
However, malicious hackers use the same tools to eavesdrop on their victims and steal sensitive information, especially if it’s being sent in unencrypted format. They can also combine packet sniffers with other tools to manipulate packets in the network traffic and serve malicious content to the target. Another evil use of the tools is replay attacks, in which attackers repeat an action performed by a user, such as approving a financial transaction or a sensitive operation. Public Wi-Fi networks are an especially attractive target for packet-sniffing hackers, who can easily net unwary users there.
How can you protect yourself against packet sniffers?
While there’s little you can do to prevent a well-placed packet sniffer from picking up your network traffic, there are several measures that can render monitoring of your activity useless.
In general, encryption is your best defense against any form of eavesdropping, and packet sniffers are no exception. Limiting your browsing to encrypted websites (starting with https) will prevent packet sniffers from seeing the content or the specific page you’re visiting.
A more effective alternative is to use a virtual private network (VPN). VPNs encrypt your entire network traffic and conceal the websites, services, and apps you’re using. Sniffers will only be able to see a stream of encrypted data traveling between you and your VPN service provider.
If you want to go deeper and find potential packet sniffers on your network, you can use Antisniff, a tool that detects network devices that are set to “promiscuous mode,” a technical setting that is required for running packet-sniffing tools.
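To check the machine you are sitting at for the same setting, the following added example (not part of the original article and unrelated to Antisniff's code) reads each interface's flag word and reports those with the promiscuous bit set. It assumes a Linux host that exposes interfaces under /sys/class/net; the function names are illustrative.

```python
import os

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface accepts frames not addressed to it

SYSFS_NET = "/sys/class/net"  # assumption: Linux host with sysfs mounted


def read_interface_flags(root=SYSFS_NET):
    """Return {interface: flag word} read from <root>/<iface>/flags."""
    flags = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name, "flags")
        try:
            with open(path) as fh:
                flags[name] = int(fh.read().strip(), 16)  # e.g. "0x1103"
        except (OSError, ValueError):
            continue  # not an interface entry, or unreadable: skip it
    return flags


def promiscuous_interfaces(flags):
    """Return (name, is_up) for every interface with IFF_PROMISC set."""
    return [(name, bool(word & IFF_UP))
            for name, word in sorted(flags.items())
            if word & IFF_PROMISC]


if __name__ == "__main__":
    hits = promiscuous_interfaces(read_interface_flags())
    if not hits:
        print("no local interface is in promiscuous mode")
    for name, is_up in hits:
        state = "up" if is_up else "down"
        print(f"{name}: promiscuous mode enabled (interface {state})")
```

This inspects only the host it runs on; it does not probe other devices on the network.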
Like every other tool, packet sniffers have plenty of good and evil uses. It ultimately depends on whose hands they’re placed in.