What is a Packet Sniffer?

A packet sniffer is software capable of intercepting or eavesdropping on a system’s traffic, on a particular segment of a network, or the whole network, depending upon its placement.

Packet sniffers collect data that can be captured and saved for later analysis or data-mining activities.

Communication between systems occurs in the form of small segments of data called ‘packets’.

When one system wants to send a file to another system, a connection is initiated from the sender system to the receiver system through a transfer of packets.

The sender system will fragment the data that needs to be sent into packets of permissible size according to the network, and the receiving system will put together the incoming packets to construct the data file.

During normal communications, systems only listen for and respond to packets that are destined for their hardware address. But packet sniffers disable this filter and put the network cards in promiscuous mode.

This mode allows the network card to capture all the traffic that comes across the Ethernet cable and store it in files via the packet sniffer.

Hackers can use packet sniffers to eavesdrop on data flowing across the cabling system and construct meaningful data out of captured packets.

In the case of HTTP, FTP, Telnet, SMTP, and POP3 (if used without encryption), the data can be captured and completely reconstructed. This may reveal passwords, which malicious users are always looking for.

The best way to avoid giving out any information through packet sniffing is to use encryption while communicating.

Well-known examples of software packet sniffers are Wireshark and Ethereal.