Sniffing Out Packet Sniffers
Source: Earthweb - Posted by Dave Wreski   
One of the oldest methods of stealing information from a network is packet sniffing. In case you aren't familiar with the term, packet sniffing refers to the technique of copying each packet as it flows across the network. While this may prove a boon for network managers doing traffic analysis, it also gives malevolent hackers access to the same traffic. Today, protocols such as IPSec are designed to prevent packet sniffing by encrypting packets. However, many networks have not yet deployed this encryption technology, or are encrypting only a portion of their data. Because of this, packet sniffing is still a viable method for stealing information.

Packet sniffing works because of the way Ethernet networks send their packets. Any time a PC sends out a packet, it is sent out as a broadcast, which means that every PC on the network sees the packet. However, every PC except the intended destination is supposed to ignore it.

As mentioned, packet sniffing works by making a copy of each packet as it flows across the network. In the past, it has been difficult to tell if anyone on your network is engaging in packet sniffing. After all, no one is hacking into a server or anything, so the audit logs wouldn't indicate any sort of unusual activity. A person who's packet sniffing is merely reading information as it comes to them.
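A network card that has stopped ignoring other hosts' packets is running in promiscuous mode, and on Linux that state is visible locally as the `IFF_PROMISC` bit (0x100) in each interface's flags word under `/sys/class/net/<iface>/flags`. The following check is an added example, not code from the original article; it assumes a Linux host, and the `SAMPLE` values are constructed for illustration.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in <linux/if.h>


def parse_flags(text):
    """Parse the hex flags word as printed by sysfs, e.g. '0x1103\\n'."""
    return int(text.strip(), 16)


def promiscuous_interfaces(flags_by_iface):
    """Return the sorted names of interfaces whose flags have IFF_PROMISC set."""
    hits = []
    for name, raw in flags_by_iface.items():
        try:
            flags = parse_flags(raw)
        except ValueError:
            continue  # unreadable entry: skip it rather than guess
        if flags & IFF_PROMISC:
            hits.append(name)
    return sorted(hits)


def read_sysfs_flags(root="/sys/class/net"):
    """Collect the raw flags text for every interface on this host."""
    result = {}
    if not os.path.isdir(root):
        return result  # not a Linux host, or sysfs is not mounted
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                result[name] = fh.read()
        except OSError:
            continue
    return result


# Constructed sample: eth1 carries the 0x100 bit, the others do not.
SAMPLE = {"lo": "0x49\n", "eth0": "0x1003\n", "eth1": "0x1103\n", "bad": "n/a\n"}

if __name__ == "__main__":
    live = read_sysfs_flags()
    source = live if live else SAMPLE
    # Bridge ports and virtualisation hosts set this bit legitimately,
    # so treat a hit as something to explain, not as proof of sniffing.
    for iface in promiscuous_interfaces(source):
        print(f"{iface}: promiscuous mode is enabled")
```

This only inspects the host it runs on; it says nothing about other machines on the segment.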

Read this full article at Earthweb
