Sniffing is when packets passing through a network are monitored, captured, and sometimes analyzed. It can be used for good and evil. For example, your system administrator might use sniffing to troubleshoot or analyze the network or to perform egress defense. On the other hand, hackers can use this technique to perform man-in-the-middle attacks that aim to steal your bank details, account credentials, or other personally identifiable data that could lead to identity theft.
You might have seen sniffing attacks in old spy movies, where the bad guy’s phone is wiretapped to collect sensitive information and prove their guilt. That’s a sniffer attack in its simplest form. In the cyber world, hackers use more sophisticated sniffing tools that can be apps, scripts, sniffing software, or hardware devices at the network or host level. With sniffing, any data you share over the internet that isn’t encrypted can be stolen. Here’s what hackers can sniff:
To understand how sniffing works, we first need to understand how information travels over the internet. Any data sent online is divided into packets, which are sent from your device and then reassembled at their destination point. These data packets have to pass by many routers and switches before they reach their destination. Each of those points can be used for packet sniffing.
Passive sniffing collects the passing data while the hacker lies dormant. This type of sniffing can be used on networks that are connected by hubs – devices that receive the traffic on one port and then retransmit it to other ports. Therefore, when a sniffer device is placed at the hub, the hacker can capture the traffic. Fortunately, hubs are gradually being replaced by switches. Therefore, hackers are now moving towards active sniffing attacks.
Active sniffing mostly focuses on flooding the switch content address memory (CAM) table, which redirects legitimate traffic to other ports. The hacker can then snoop on the traffic from the switch. Active sniffing attacks include spoofing attacks, DNS poisoning, DHCP attacks, MAC flooding, MAC spoofing, etc.
Prevent sniffing attacks while using public Wi-Fi. Try NordVPN with a 30-day money-back guarantee.