Sniffer passwords, networks. Sniffer - what is it?

Many users of computer systems have heard about such a concept as "sniffer". What is it, though, to a full extent not everyone imagines. In addition, today we can identify a very limited number of people who know how and where such programs and "iron" equipment are used. Let's try to figure out what's what.

Sniffer: what is this?

Let's start with the very definition of the term. To get to the heart of the matter, you should first simply translate the word "sniffer". What it is? In the literal translation of the English concept, sniffer means "sniff".

In simpler terms, this is a program or equipment capable of extracting the necessary information, whether it be external network IP addresses, encrypted passwords or confidential data, based on traffic analysis in the form of packets of transmitted or received data on the network. The sniffers themselves can be used for both harm and good.

The main types of sniffers

As for the basic types of sniffers, it does not necessarily have to be software installed on a computer terminal, or made as an online applet.

It is often possible to meet sniffers and in the form of "iron" equipment or components that combine both program and physical attributes. Based on this, the main types of sniffers include the following types:

• Software;
• Hardware;
• Software and hardware;
• Online components.

With the basic classification, it is also possible to distinguish the division in the direction of analysis. For example, the most common type is the password sniffer, whose main task is extracting from the data packets of open or encrypted access codes to any information. There are sniffers, which assume solely the calculation of the IP addresses of a specific terminal with the purpose of accessing the user's computer and the information stored in it.

How it works?

The technology of interception of the network traffic is applicable exclusively to networks based on TCP / IP protocols and the implemented connection through Ethernet network cards. Wireless networks can also be analyzed, because after all, initially there is a wired connection to this system (to a router, to a distributing laptop or a stationary PC).

Data transmission to the network is not carried out by the whole block, but by dividing it into standard packages and segments, which, when received by the receiving party, are combined into a single whole. The sniffer program is able to monitor all possible transmission channels of each segment, and at the moment of transferring (unselecting) unprotected packets to devices connected to the network (routers, hubs, switches, computers or mobile devices), the necessary data is extracted, which can contain the same passwords. Thus, hacking the password becomes a common business technique, especially if it is not encrypted.

But even with the use of modern password encryption technologies, it can be transmitted along with the corresponding key. If it's an open key, getting the password is easy. If the key is also encrypted, the attacker can easily apply some decryption program, which in the end will also lead to data cracking.

Where is the sniffer of the network used?

The scope of using sniffers is very unique. It is not necessary to think that any convenient sniffer in Russian is exclusively a means of hackers trying to make unauthorized interference with network traffic in order to obtain some important information.

With equal success, sniffers can be used by providers who, based on their data, analyze their users' traffic, enhancing the security of computer systems. Although such equipment and applications are called antisniffers, in fact these are the most common sniffers, as if working in the opposite direction.

Of course, no one notifies the users about such actions from the provider's side, and there is no special meaning in this. Ordinary user is unlikely to independently take any countermeasures. And for a provider, traffic analysis is often very important, since it can prevent attempts to interfere with networks from outside, because analyzing access to transmitted packets, you can track unauthorized access to them, at least on the basis of the same external IP addresses of devices trying to intercept the transmitted segments. But this is the simplest example, because the whole technology is much more complicated.

The presence of a sniffer

While we leave aside such a thing as "sniffer". What is it, is already a little understandable, now let's see what signs it is possible to determine the "wiretapping" of the sniffer by itself.

If everything is in order with the computer system and the network or Internet connection works without failures, the first sign of interference from the outside is a decrease in the speed of packet transmission, in comparison with that stated by the provider. In Windows-based systems standard user can hardly determine the speed of the ordinary user even when the network status menu is clicked on the connection icon. Only the number of packets sent and received is specified here.

Similarly, the performance in the "Task Manager" displays the necessary information to the fullest, besides, the speed reduction can be connected with the limitations of the resource itself, which is accessed. It is best to use special utilities-analyzers, which, by the way, work on the principle of sniffer. The only thing you need to pay attention to is that programs of this type after installation can cause errors that appear due to conflicts with firewalls (built-in Windows firewall or third-party programs and hardware of "iron" type). Therefore, at the time of the analysis, the protective screens should be completely disconnected.

Conclusion

That, in fact, and everything that concerns such a thing as "sniffer". What is it in terms of a hacking or protection tool, in principle, should be clear. It remains to add a few words about online applets. They are mostly used by hackers to obtain the victim's IP address and access to confidential information. In addition to the fact that such an online sniffer performs its immediate function, the attacker's IP address also changes. In this respect, such applets are somewhat like anonymous proxy servers that hide real user IP. For understandable reasons, data on such Internet resources are not given, since interference with the work of other people's computers with these programs, seemingly officially placed, is illegal and punishable.