Slide 1: PACKET SNIFFER
GUIDE : ANITHA MAM

Slide 2: INDEX
What are sniffers used for?
How does a packet sniffer work?
What are the components of a packet sniffer?
How can I configure my local network to make sniffing harder?
How can I detect a packet sniffer?
How can I sniff a switched network?
Sniffer Example

Slide 3: Packet Sniffer Definition:
• A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic, then decodes this traffic in a process called "Protocol Analysis".

Slide 4: What are sniffers used for?
• Detection of clear-text passwords and usernames from the network.
• Conversion of data to human readable format so that people can read the traffic.
• Performance analysis to discover network
• Network intrusion detection in order to discover hackers.

Slide 5: How does a packet sniffer work?
• Ethernet hardware is built with a "filter" that ignores all traffic that doesn't belong to it. It does this by ignoring all frames whose MAC address doesn't match its own MAC.
• A sniffing program turns off this filter, putting the Ethernet hardware into "promiscuous mode".

Slide 6: What are the components of a packet sniffer?
1- Hardware: standard network adapters.
2- Capture Filter: This is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
3- Buffers: used to store the frames captured by the Capture Filter.

Slide 7:
4- Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to sift the traffic for intrusion detection.
5- Decoder: "Protocol Analysis".
6- Packet editing/transmission: Some products contain features that allow you to edit your own network packets and transmit them onto the network.

Slide 8: How can I configure my local network to make sniffing harder?
• Replacing the hub with a switch will provide a simple, yet effective defence against casual sniffing. Is that enough? What about kicking the switch from bridging to repeating mode?

Slide 9: How can I detect a packet sniffer?
• Ping method.
• ARP method.
• DNS method.

Slide 10: How can I sniff a switched network?
• Switch jamming
• ARP redirect
• ICMP redirect

Slide 11: Sniffer Example: Ethereal
1- Available for UNIX and Windows.
2- Filter packets on many criteria
3- Search for packets using filters
4- Colorize packet display based on filters

Slide 12: ?
QUESTIONS ARE NOT ALLOWED…..:P
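
The hardware filter and promiscuous mode from Slide 5, together with the capture filter, buffer and decoder from Slides 6 and 7, modelled as an added Python example that is not part of the original slides. The MAC addresses, frames, payloads and the names `nic_accepts`, `capture`, `decode_ethernet` and `make_frame` are constructed for illustration; the model also lets broadcast frames through the hardware filter, which the slide does not mention.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def decode_ethernet(frame: bytes) -> dict:
    """Decoder: split the 14-byte Ethernet II header from the payload."""
    if len(frame) < 14:
        raise ValueError("truncated frame: Ethernet header is 14 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"dst": mac(dst), "src": mac(src), "payload": frame[14:],
            "type": ETHERTYPES.get(ethertype, hex(ethertype))}

def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """Hardware filter: destination must be our MAC or broadcast."""
    # Promiscuous mode bypasses the check. Multicast groups are omitted here.
    return promiscuous or frame[:6] in (own_mac, BROADCAST)

def capture(frames, own_mac, promiscuous, capture_filter=lambda d: True):
    """Capture filter + buffer: keep decoded frames that pass both filters."""
    buffer = []
    for frame in frames:
        if len(frame) >= 14 and nic_accepts(frame, own_mac, promiscuous):
            decoded = decode_ethernet(frame)
            if capture_filter(decoded):
                buffer.append(decoded)
    return buffer

def make_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload

# Constructed sample traffic (placeholder payloads, not real IP/ARP packets).
OWN, PEER, OTHER = (bytes.fromhex(f"0200000000{n}") for n in ("0a", "0b", "0c"))
FRAMES = [
    make_frame(OWN, PEER, 0x0800, b"to-us"),          # unicast to this host
    make_frame(OTHER, PEER, 0x0800, b"to-other"),     # unicast to another host
    make_frame(BROADCAST, PEER, 0x0806, b"who-has"),  # broadcast
    make_frame(OTHER, PEER, 0x0806, b"arp-other"),    # unicast to another host
]

if __name__ == "__main__":
    print("normal mode     :", len(capture(FRAMES, OWN, False)), "frames")
    print("promiscuous mode:", len(capture(FRAMES, OWN, True)), "frames")
```

With the filter on, only the frame addressed to this host and the broadcast reach the buffer; in promiscuous mode all four do.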