In: Categories » Computers and technology » Data security » Sniffers as Security Risks
|
Sniffers differ greatly from keystroke-capture programs. Here's how: Key-capture programs save, or capture, keystrokes entered at a terminal. Sniffers, on the other hand, capture actual network packets. Sniffers do this by placing the network interface—an Ethernet adapter, for example—into promiscuous mode. Sniffers also differ in one key aspect from other attack methods—sniffers are passive, only listening to the network traffic. A sniffer always functions in a promiscuous mode. Normally, a system's network card will only grab packets destined for that system. In promiscuous mode, however, instead of ignoring all other packets, the system captures every packet that it sees on the network. To further understand how promiscuous mode works, you must first understand how local area networks are designed. Local Area Networks and Data TrafficLocal area networks (LANs) are small networks connected (generally) via Ethernet. Data is transmitted from one machine to another via cable. There are different types of cable, which transmit data at different speeds. The five most common types of network cable follow: · 10BASE-2. (10Mbps) Coaxial Ethernet (thinwire) that, by default, transports data distances of up to 600 feet. · 10BASE-5. (10Mbps) Coaxial Ethernet (thickwire) that, by default, transports data distances of up to 1,500 feet. · 10BASE-F. (10Mbps) Fiber optic Ethernet. · 10BASE-T. (10Mbps) Twisted pair Ethernet that, by default, transports data distances of up to 300 feet. · 100BASE-T. (100Mbps) Fast Ethernet that, by default, transports data distances of up to 300 feet. Data travels along the cable in small units called frames. These frames are constructed in sections, and each section carries specialized information. (For example, the first 12 bytes of an Ethernet frame carry both the destination and source address. These values tell the network where the data came from and where it's going. Other portions of an Ethernet frame carry actual user data, TCP/IP headers, IPX headers, and so forth.) Frames are packaged for transport by special software called a network driver. The frames are then passed from your machine to cable via your Ethernet card. From there, they travel to their destination. At that point, the process is executed in reverse: The recipient machine's Ethernet card picks up the frames, tells the operating system that frames have arrived, and passes those frames on for processing. Sniffers pose a security risk because of the way frames are transported and delivered. Let's briefly look at that process. Packet Transport and DeliveryEach workstation in a LAN has its own hardware address or Media Access Control (MAC) address. This address uniquely identifies that machine from all others on the network. (This is similar to the Internet address system.) When you send a message across the LAN, your packets are sent to all connected machines. Under normal circumstances, all machines on the network can "hear" that traffic going by, but will only respond to data addressed specifically to them. (In other words, Workstation A will not capture data intended for Workstation B. Instead, Workstation A will simply ignore that data.) If a workstation's network interface is in promiscuous mode, however, it can capture all packets and frames on the network. A workstation configured in this way (and the software on it) is a sniffer.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...
2. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...
3. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...
4. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...
The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA). They can also install mini-programs or grab information from you that can be used to destroy or take over your computer. Every time you go to a Web page, you actually download the full document to your computer. This includes all text, pictures, and even any code that is r...
6. Features of Windows Encrypting File System (EFS)
• Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user. • Uses public-key encryption. Using a public key from the user’s certificate encrypts keys that are used to encrypt the file. The list of encrypted fileencryption keys is kept with the encrypted file and is unique to it. When decrypting the file encryption keys, the file owner provides a private key that only he has. ...
7. What are Denial of Service Attacks (DOS attacks) and how to protect against them
Hackers can wreak havoc without ever penetrating your system. For example, a hacker can effectively shut down your computer by flooding you with obnoxious signals or malicious code. This technique is known as a denial-of-service attack. Hackers execute a denial-of-service attack by using one of two possible methods. The first method is to flood the target computer or hardware device with information so that it becomes overwhelmed. The alternative method is to send a well-crafted command or piece of erroneous data that crash...