Network traffic analyzer (sniffer). What is a sniffer: description

Many users of computer networks do not know what a "sniffer" is. Let us try to explain what a sniffer is in plain language that an unprepared user can follow. To begin with, though, we have to look at where the term itself comes from.

Sniffer: what is a sniffer in terms of English and computer technology?

In fact, the essence of such a software or hardware/software complex is easy to determine simply by translating the term.

The name comes from the English word "sniff" (to smell). Hence the meaning of the term "sniffer" as used in Russian. What is a sniffer in our understanding? It is a "sniffer-out" that can monitor network traffic or, more simply, a spy that can intrude into the operation of local or Internet-facing networks and extract the information it needs, relying on access through the TCP/IP data transfer protocols.

Traffic Analyzer: how does it work?

Let's say it at once: a sniffer, whether it is a software or a part-software component, can analyze and intercept traffic (transmitted and received data) exclusively through network cards (Ethernet). What happens?

The network interface is not always protected by a firewall (again, software or hardware), and so intercepting transmitted or received data becomes just a matter of technique.

Inside the network, information is transmitted in segments. Within one segment, data packets are sent to absolutely all devices connected to the network. Segment information is forwarded to routers, and then to switches and hubs. Information is sent by splitting it into packets, so that the end user receives all the parts, joined together, from completely different routes. Thus, "listening" on all potentially possible routes from one subscriber to another, or on the interaction between an Internet resource and a user, can give access not only to unencrypted information but also to certain secret keys that may be sent during that interaction. At that point the network interface is completely unprotected, because a third party is interfering.

Good intentions and malicious intent?

Sniffers can be used for both harm and good. Leaving the negative impact aside, such hardware and software complexes are often used by system administrators who want to track users' actions not only on the network but also on the Internet: which resources they visit and which downloads to or from their computers they start.

The technique by which a network analyzer works is quite simple. The sniffer determines the outgoing and incoming traffic of a machine. The criterion here is not the internal or external IP address. The most important criterion is the so-called MAC address, unique for any device connected to the global web. It is through it that each machine is identified on the network.

Types of sniffers

Sniffers can be divided into several main types:

  • Hardware;
  • Software;
  • Hardware-software;
  • Online applets.

Behavioral detection of a sniffer on the network

A WiFi sniffer, for example, can be detected by the load on the network. If you see that the data transfer rate or the connection is not at the level that the provider claims (or the router allows), you should pay attention to it immediately.

On the other hand, the provider can also run a software sniffer to monitor traffic without the user's knowledge, and as a rule the user does not even know about it. In doing so, the organization that provides communication services and Internet connectivity guarantees the user full security in terms of intercepting flooding, self-installing clients of various peer-to-peer networks, trojans, spyware, etc. Such tools are mostly software-based and have little impact on the network or on user terminals.

Online Resources

But an online traffic analyzer can be especially dangerous. A primitive system for hacking computers has been built on the use of sniffers. In its simplest form, the technique boils down to this: the intruder first registers on a certain resource and then uploads a picture to the site. After the upload is confirmed, a link to the online sniffer is issued, which is sent to the potential victim, for example, in an e-mail or an SMS message with a text like "You have received a greeting from so-and-so. To open the image (postcard), click on the link."

Naive users click on the hyperlink, which triggers identification and the transfer of their external IP address to the attacker. With an appropriate application, the attacker can not only view all the data stored on the computer but also easily change system settings from outside, which the local user does not even suspect, taking such a change for the effect of a virus. Yet an antivirus scan will report zero threats.

How to protect against interception of data?

Whether it is a WiFi sniffer or any other analyzer, there are still some means of protection against unauthorized traffic scanning. There is one condition: they should be installed only if you are fully certain that you are being "wiretapped".

Such software is often called "anti-sniffers". But if you think about it, these are the same sniffers that analyze traffic, except that they block other programs trying to gain unauthorized access.

Hence the legitimate question: is it worth installing such software? Perhaps its compromise by hackers will cause even more harm, or it will itself block something that should work?

In the simplest case, on Windows-based systems, it is better to use the built-in firewall as protection. Sometimes there may be conflicts with the installed antivirus, but this mostly applies to free packages. Professional purchased versions, or those activated monthly, do not have such shortcomings.

Instead of an afterword

That's all there is to the concept of a "sniffer". By now, it seems, many have understood what a sniffer is. The remaining question is a different one: how properly will the ordinary user use such things? Among young users one can sometimes see a tendency toward computer hooliganism. They think that hacking someone else's computer is something like an interesting competition or a form of self-assertion. Unfortunately, none of them even thinks about the consequences, and it is very easy to identify an attacker who uses such an online sniffer by their external IP address, for example, on the WhoIs website. The location shown will be that of the provider, but the country and city will be determined exactly. After that, it is a small matter: either a call to the provider to block the terminal from which the unauthorized access was made, or a court case. Draw your own conclusions.

With a program installed for determining the location of the terminal from which an access attempt is made, the situation is even simpler. But the consequences can be catastrophic, since not all users use anonymizers or virtual proxy servers, and many do not even have a clue how to hide their IP on the Internet. And it would be worth learning ...


Copyright © 2018 en.delachieve.com. Theme powered by WordPress.