Hello guys! Today’s article is about Sniffing which is also called Packet Sniffing.
So grab your cup of coffee and start reading with concentration because these are the basics you will need to be successful in your hacking journey. If your basics are not clear you will get stuck in problems during your hacks.
What Is Sniffing?
Lets say you are sitting in balcony of your house thus you will be able to see what is happening in the street. Who is going across the street, what he wearing, what luggage he is carrying etc. So you can easily spy on the activities of people who live in your street.
Internet is like a big city, everyone lives in a street (network) and someone who wants to spy on people in his street (network), can easily do that from his balcony (computer).
This spying is called sniffing.
More technically I would say, capturing data packets transmitted over a network is called Sniffing or Packet Sniffing.
Programs used for sniffing are called sniffers.
So basically a sniffer can be deployed between you can the server/website you want to access and the it will be able to intercept all the traffic.
Which means if you are logging into you facebook and someone is sniffing in your network he can get your username and password. Sniffing is cool huh?
But what if you want to spy on the activities of person who lives in some other street (i.e. out of your network)? We will get the answer soon just read along.
How Sniffers Work?
Well take a look at this article and read about ARP and LAN and then come back here so you can understand this part better.
NIC (Network Interface Card) is a piece of hardware which allows your device to use a wired connection (e.g., Ethernet) or a wireless connection (e.g., WiFi), so its present in nearly every device which is meant to connect to the internet.
A normally configured NIC will reject every data packet which is not meant for it (or say its MAC address).
But we can configure it to capture other packets too which means if you and your friend are connected to the same WiFi then you can configure your NIC so that it will capture everything that your friend is receiving.
What kind of configuration?
Well there are a lot of things a NIC can do or say a hacker can make it do but today our topic of interest is Sniffing so we will talk about Promiscuous Mode and Monitor Mode.
1. Promiscuous Mode: To use this mode we must be the part of the network we want to sniff i.e. it needs an access point.
When this mode is turned on, NIC captures all the data coming in or going out of the network as I explained above. This mode is supported by nearly all NICs.
2. Monitor Mode: To use this mode we don’t have to be a part of the network we want to sniff i.e. it doesn’t need an access point and it which means it can capture packets traveling in the “air”. This capability helps us to sniff wireless network (e.g. WiFi).
This mode is not supported by all NICs.
So is that all? Nope.
I told you how to sniff in your street (promiscuous mode) and how to sniff in nearby street (monitor mode). I used the analogy of nearby street for monitor mode because you need to be in the range of the WiFi router you want to sniff.
But as I said Internet is a city..a big city. It is made up of many streets (networks) so what should one do if he want to know about the activities of a street (network) which is not in his range?
Well you can send a malicious program which is capable of sniffing to one of the computers in the network you want to sniff.
You can setup a server and ask people to use it as proxy server and then sniff their data.
These possibilities give a wider range of possibilities. Wanna see?
Ok lets say in your network there are 3 computers which share a common Internet connection i.e. a WiFi.
Computers of your network send and receive information from a server which is in some another country. Here is a graphical representation:
Hmm so how would someone sniff the data transmitting between you and the server?
You remember what I told you? How to sniff in your street (network)? How to sniff the nearby street (network)? And how to sniff a street (network) which is not in your range?
If you don’t remember scroll up and read again otherwise take a look at this:
There are three sniffers who are sniffing your network in the diagram above:
1. Internal Sniffer: Someone in your network is sniffing the whole network by using promiscuous mode or maybe it’s not his fault because maybe his computer is hacked by someone who wanted to sniff your network.
2. Wireless Sniffer: Someone in range of your WiFi router is sniffing your network with monitor mode.
3. External Sniffer: Someone who is far away from you (can be even in a different country) is sniffing you. We don’t know how. Maybe the proxy servers you are using are in his control. Or maybe the server you are connected to got hacked by him.
You see? You are not safe.
That’s all for now.
Did I teach how to do sniffing? No.
Do you know the basics of sniffing now? Yes*
This article was only written to only written to introduce to the basics of sniffing so you can be a better sniffer….a better hacker.
We will learn how to sniff in upcoming articles. Till then check out other articles.
Thanks for reading.
Also Read: Firewall Explained For Absolute Beginners