Packet sniffers are specialized tools, usually designed to help network administrators monitor networks and troubleshoot network problems. However, these tools can be a danger to security when they are misused.
A packet sniffer is either a hardware appliance or software installed on a desktop or server computer that can capture network packets and record them, usually for network maintenance and monitoring purposes. Such tools are called packet sniffers, but they also go by other names, such as packet analyzer, protocol analyzer or traffic analyzer. Whether hardware or purely software based, these tools can intercept network traffic on a given hub or switch (a so-called network node), monitor one or more protocols, extract valuable data from the traffic and store it for later analysis and processing.
The problem is that packet sniffers can be dangerous to the security of computers because of their ability to intercept network packets and record them. A packet sniffer is a stealth tool. Users have no knowledge whatsoever that their own traffic is being recorded, and there is no common way to detect that a sniffer is currently recording the data you transmit over the network. It is therefore prudent to assume that one is, in all cases, and to take measures to protect yourself from this kind of information leakage.
The biggest risk posed by packet sniffers is their ability to record user names and passwords. The risk comes from the fact that many Internet protocols widely used today are still insecure. The World Wide Web transmits data in unencrypted form, so it is easy for a packet sniffer to see which websites and which pages you are visiting, except when secure socket connections are used via https:// pages. Email is mainly unencrypted and can be easily sniffed. Internet Relay Chat conversations can also be easily recorded by packet sniffers. Many Internet messenger programs still use unencrypted transmissions and are therefore vulnerable to packet sniffing. FTP communications are vulnerable as well, and many other protocols still rely on plain text transmissions. One important thing to keep in mind: cable-based Internet connections are usually joined into a single large network that can be easily sniffed, so if you have such a connection, the risk of your data being compromised by packet sniffers is very high.
What to do? First of all, be aware that every network activity coming from your computer over a non-encrypted Internet protocol can be recorded, and your information can be compromised. You should never send passwords via email; use encrypted email, for example through secure connections to web-based email systems like Yahoo. Use secured web pages whenever they are available; many sites can be browsed via https:// although the site may not advertise this. Never send any user names or passwords via unsecured Internet protocols. Stay informed: learn about possible risks from the security news and documentation available on the Internet, and about how you can protect yourself from these risks.
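To check which of your own sessions expose credentials in this way, the following added example (not part of the original article) audits client-to-server byte streams taken from a capture of your own traffic and reports logins sent in the clear, with passwords redacted. The stream labels, addresses and payloads are constructed sample data, and the function names are hypothetical.

```python
import base64
import re

# Credential-bearing commands in plaintext protocols (FTP and POP3 share USER/PASS).
USER_PASS = re.compile(rb"^(USER|PASS)[ \t]+(\S.*?)\r?$", re.I | re.M)
HTTP_BASIC = re.compile(rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)\r?$", re.I | re.M)

# Constructed sample data: client-to-server bytes of three sessions, keyed by a label.
SAMPLE_STREAMS = {
    "ftp 192.0.2.10:21": b"USER alice\r\nPASS example-ftp-secret\r\nLIST\r\n",
    "http 192.0.2.20:80": b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"bob:example-web-secret") + b"\r\n\r\n",
    "https 192.0.2.20:443": bytes.fromhex("160301002a0100002603"),  # start of a TLS handshake
}


def is_tls(payload):
    """A TLS stream opens with a handshake record: type 0x16, major version 0x03."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def audit_stream(name, payload):
    """Return findings for one stream; password values are never echoed."""
    if is_tls(payload):
        return []  # contents are encrypted, nothing readable on the wire
    findings = []
    for m in USER_PASS.finditer(payload):
        verb = m.group(1).decode().upper()
        shown = m.group(2).decode(errors="replace") if verb == "USER" else "<redacted>"
        findings.append(f"{name}: cleartext {verb} {shown}")
    for m in HTTP_BASIC.finditer(payload):
        try:
            user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
        except ValueError:
            continue  # not valid base64, so not a Basic credential
        findings.append(f"{name}: HTTP Basic login for {user.decode(errors='replace')} "
                        "(base64 is encoding, not encryption)")
    return findings


def audit_all(streams):
    """Audit every stream and return the combined findings in input order."""
    return [f for name, data in streams.items() for f in audit_stream(name, data)]


if __name__ == "__main__":
    for line in audit_all(SAMPLE_STREAMS):
        print(line)
```

Any session that shows up in the output is one to move to an encrypted alternative; the https:// stream produces no findings because its contents are not readable on the wire.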