Network packets: Data split into chunks (packets) that are sent
between your computer and a router; together they contain all the data
you receive and send out.
Packet capture: The act of downloading packets to read them as plain text.
Packet sniffing: The use of software to download and capture many or
all packets being transferred over a network, usually to find sensitive
data such as passwords and credit card information on public networks.
There are 3 categories of packet sniffing; this post focuses on
type I: White Hat/No Encrypted Data. To start off, packet sniffing is
not all bad: it can be very useful for detecting a variety of problems
on networks, such as someone using your Internet, twin IP address
errors and more.
How is Packet Sniffing Performed?
Packet sniffing is made easy today with software such as Wireshark.
For type I packet sniffing you must have access to a network,
preferably your own (some legal issues occur on public networks). To
start packet sniffing you then need a packet analyzer such as
Wireshark. Once Wireshark is up and running, select the device you
would like to start sniffing packets on; most likely this will be the
one labeled ethernet1. Once the device is selected you can start
scanning, and a list of packets will start popping up showing all the
activity on the network. Once someone has got this far they’re
basically done for type I: all they have to do is right-click on the
packet, then click read. Any data transmitted in plain text is open to
their eyes, so be careful on public networks.
How is This Useful?
Besides the obvious black hat implications of packet sniffing, there
are a lot of scenarios where this can be very useful, such as analyzing
network problems, detecting network intrusion attempts, gathering and
reporting network statistics, monitoring data in motion and filtering
suspect content from network traffic. Mr. Meyer (IT guy at my school)
most likely sniffs packets at our school to monitor traffic; this is
probably automated by software that searches for certain keywords in
the packets and then notifies Mr. Meyer when these keywords appear in
the packets.
Why Not to Worry?
Type I packet sniffing is not what you have to worry about when it
comes to invasion of information, because type I deals with
unencrypted, plaintext information. The majority of Internet activity
with sensitive data is encrypted (that’s what the ‘s’ after http means)
when you’re on a website. If you use a mainstream e-mail service like
Gmail or Yahoo, the e-mails are encrypted when sent through the
network, so they’re safe from type I packet sniffing.
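To make the plaintext/encrypted difference concrete, here is an added Python example (not part of the original post) that looks at the first bytes of a captured TCP payload and reports whether it is readable plaintext HTTP or a TLS record. The function names and both sample payloads are constructed for this illustration.

```python
# Added example, not from the original post: tell readable plaintext from TLS.
import string

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
               b"OPTIONS ", b"PATCH ", b"HTTP/1.")
PRINTABLE = set(string.printable.encode())

def classify_payload(payload: bytes) -> str:
    """Return 'tls', 'http-plaintext', 'other-plaintext', 'opaque' or 'empty'."""
    if not payload:
        return "empty"
    # TLS record header: 1-byte content type, 2-byte version (0x03 0x00..0x04),
    # 2-byte big-endian length (at most 2^14 + 2048 bytes of ciphertext).
    if len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES \
            and payload[1] == 3 and payload[2] <= 4:
        length = int.from_bytes(payload[3:5], "big")
        if 0 < length <= 16384 + 2048:
            return "tls"
    if payload.startswith(HTTP_STARTS):
        return "http-plaintext"
    printable = sum(b in PRINTABLE for b in payload)
    return "other-plaintext" if printable / len(payload) > 0.9 else "opaque"

def readable_fields(payload: bytes) -> list[str]:
    """For plaintext HTTP, list the header names anyone on the path can read."""
    if classify_payload(payload) != "http-plaintext":
        return []
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]

# Constructed sample payloads (not real captures).
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 27\r\n\r\nuser=alice&password=hunter2")
TLS_SAMPLE = bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(range(200, 216))

if __name__ == "__main__":
    for name, data in (("http", HTTP_SAMPLE), ("https", TLS_SAMPLE)):
        print(name, classify_payload(data), readable_fields(data))
```

Run against payloads exported from a capture of your own network, this shows which services still send data in the clear and should be moved to https.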
My Opinions/Thoughts
Type I packet sniffing can be useful for analyzing network problems,
and that’s the only thing I see it for, or at least its main use. Many
times people will see type I packet sniffing and think they’re hacking
or doing something illegal, but not really; there are some times where
you could use type I for malicious use, but these events are very rare.
I have never actually performed type I packet sniffing in a scenario
that was actually useful. There are often other ways to diagnose
network issues that are more automated and easy to do, so type I packet
sniffing is not commonly used; therefore the other categories of packet
sniffing are what everybody else hears about.