Packet sniffing is a cyberattack in which packet data passing through the network is detected and examined. It refers to data theft and disclosure caused by capturing network traffic through packet sniffers. And it is the act of intercepting and monitoring traffic on a network. The attacker can further maliciously access and read the data which is not encrypted or traversing in clear text. The sniffer captures the data packets when flowing through the computer network. Moreover, it is the technique of capturing all data packets traversing through the network systems using a specialized software systems or hardware devices.
Packet sniffing attacks can be categorized into two main types
- Active sniffing attacks: a type of sniffing attack that involves sending designed packet to one or more target systems on the network to infiltrate sensitive data.
- Passing sniffing attacks: the attacker simply monitors traffic passing through the network without interfering with the transmission process
Common methods used for launching packet sniffing attack include the following:
- Password sniffing
- TCP session hijacking
- DNS poisoning
- JavaScript card sniffing attack
- ARP sniffing
- DHCP attack
The best prevention strategies against packet sniffing attack include:
- Never sending sensitive information across an unencrypted connection
- Use encryption (HTTPS) to protect sensitive data from being intercepted
- Deploy antivirus and firewalls to computer systems in the network
- Use VPN when using public Wi-Fi networks
- Continuously monitor the network for unusual traffic
- Secure wireless networks using WPA2
- Update software systems and devices latest security patches
- Avoid using insecure protocols
The popular tools used for packet sniffing include the following:
- Wireshark
- TCPdump
- Dsniff
- Etherpeek
- Networkminer
- Kismet