It’s sometimes easy to forget, but data has to travel. Whenever we’re connected to the internet, we’re slinging packets of data every which way. Connect to public wi-fi, and you spew your information in all directions as it attempts to locate a gateway that will carry it to its destination. If that seems obvious to you, then so should the packet sniffer: a simple tool for capturing that information as it travels.
Before I scare you, packet sniffers aren’t always used for malicious purposes. They’re often used simply to track the flow of data and can be useful in finding areas of heavy traffic and congestion within networks. If a system on your network has been compromised and is spewing data onto the internet, a packet sniffer can be used to find out exactly where that data is coming from. A friendly system administrator saying they’ve used a packet sniffer doesn’t mean something sinister is going on. With that in mind, I’m going to be focusing on the malicious uses of the technology.
For the active hacker, a packet sniffer is a favourite tool. A sniffer can be used to find all sorts of data flying through the air. Hidden wi-fi hotspots can be located and their passkeys discerned through simple software. The wi-fi at any café, airport, or restaurant can become a net to ensnare unprotected packets of data.
It’s actually not difficult to do, either. Modern sniffer software can run on any sort of PC or smartphone and will often capture long lists of transmissions, allowing the hacker to easily pick out the ones that are unencrypted. From there, a hacker can either parse the data for passwords or other information, or launch a man-in-the-middle attack to gain access to private servers. Some of this software is available for free, and some of it even has a user-friendly GUI. For the more hands-on hacker, wired networks can be sniffed using taps or by installing malicious software on a compromised machine.
SENT BY SCENT
Some sniffers take advantage of a weakness known as session hijacking, which allows the hacker to log into an account using their victim’s unencrypted session. So, for example, if a person is logged into their Facebook account on a public hotspot, the hacker can sniff out those packets, capture the user’s authentication cookie, and then log into their account using that active session. Again, this may sound complicated, but many sniffers make it extremely simple; the only requirement is an unsuspecting victim using an unencrypted connection on the same hotspot as the packet sniffer.
That’s more of a situational use of a sniffer. The more common and more valuable use is data capture. The average user doesn’t pay attention to matters of encryption (thankfully, many of the big website developers do), so a lot of data is sent out into the world for all to see. A sniffer can capture this, reassemble it into a readable format, then present its naked contents to the hacker. Text messages, emails, credentials, documents: if it isn’t encrypted, it’s vulnerable.
It’s because of packet sniffers that most data you transmit is secured using encryption, whether you’re aware of it or not. Most emails you send and websites you visit are encrypted in such a way that they theoretically provide nothing of value to someone who snatches their traffic from the air. This encryption can be cracked by anyone motivated enough, but for someone who’s just eavesdropping at a coffee shop, the connections that pass through unsecured tend to be tastier prey.
PLUGGING THE SINUSES
Packet sniffers are a common hacker tool, but they’re not the most practical one. Hackers prefer to cast wide nets using phishing schemes rather than going out into the world to sniff out data. In the rare instances that they have a specific target in mind, however, a sniffer is a useful way of gaining access to sensitive information, though perhaps not as useful as socially engineering a way in.
Nevertheless, you can help protect yourself and your network in a few pretty easy ways. Never transmit important data through email. While most email communication is encrypted through SSL, the best way to avoid having it fall into a hacker’s hands is to not send it in the first place. As a best practice, try not to place passwords, PINs, or bank account details in emails. Also, when visiting a website, ensure that you’re connecting through https rather than http when transmitting important information. Lastly, avoid using unsecured public wi-fi. If you have to use it, don’t do your banking on it or sign into any accounts that you’d rather keep private. You never know who might be sniffing around.
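The cookie-capture risk described under "Sent by scent" and the https advice above both come down to a few response headers a site can set. The following is an added example, not code from the original article: a small, hypothetical audit of a raw HTTP response that reports session cookies missing the Secure, HttpOnly and SameSite attributes (the flags that keep a sniffed cookie from being reused) and the absence of Strict-Transport-Security, which stops a browser from ever sending the cookie over plain http. Both responses are constructed inline.

```python
from typing import Dict, List, Tuple

def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response (status line plus headers) into (name, value) pairs."""
    pairs = []
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def cookie_flags(set_cookie: str) -> Dict[str, bool]:
    """Return which hardening attributes a Set-Cookie value carries."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}  # attributes after name=value
    return {
        "secure": "secure" in attrs,      # never sent over plain http
        "httponly": "httponly" in attrs,  # not readable by page scripts
        "samesite": "samesite" in attrs,  # not attached to cross-site requests
    }

def audit_response(raw: str) -> Dict[str, object]:
    """List the weaknesses a sniffer could exploit in this response's cookies."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0]
            missing = [flag for flag, ok in cookie_flags(value).items() if not ok]
            if missing:
                findings.append(f"cookie {cookie_name!r} missing: {', '.join(missing)}")
    hsts = any(name == "strict-transport-security" for name, _ in headers)
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    return {"hsts": hsts, "findings": findings}

# Constructed sample responses (hypothetical cookie values, not real sites).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)
```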