Introduction to Packet Sniffing
It's a cruel irony in information security that many of the features that make using computers easier or more efficient, and the tools used to protect and secure the network, can also be used to exploit and compromise the same computers and networks. This is the case with packet sniffing.
In its simplest form, a packet sniffer captures all of the packets of data that pass through a given network interface.
Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if the interface is placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.
By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Within a given network, username and password information is generally transmitted in clear text, which means that the information would be viewable by analyzing the packets being transmitted.
A packet sniffer can only capture packet information within a given subnet. So, it's not possible for a malicious attacker to place a packet sniffer on their home ISP network and capture network traffic from inside your corporate network (although there are ways that exist to more or less "hijack" services running on your internal network to effectively perform packet sniffing from a remote location). In order to do so, the packet sniffer needs to be running on a computer that is inside the corporate network as well. However, if one machine on the internal network becomes compromised through a Trojan or other security breach, the intruder could run a packet sniffer from that machine and use the captured username and password information to compromise other machines on the network.
If you are one of the good guys and you need to maintain and monitor a network, I recommend you become familiar with network monitors or packet sniffers such as Ethereal. Learn what types of information can be discerned from the captured data and how you can put it to use to keep your network running smoothly. But also be aware that users on your network may be running rogue packet sniffers, either experimenting out of curiosity or with malicious intent, and that you should do what you can to make sure this does not happen.