Answered: Hello! I need to answer this question.…

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Related questions

Question

Hello! I need to answer this question. The book is: "Computer Security and Penetration Testing e2". Thank you.

Question:

How do sniffers work? Can they be used for ethical purposes?

Expert Solution

Definition and It's Work

Sniffing :

When you transfer data to someone, it is broken down into small units called data packets. These data packets travel
along the network path and reach the receiver in its’ original form. Just like eavesdropping, during this process, data packets may be compromised by a third-party.

Sniffers work :

There are two main type of packet sniffers :

Hardware Packet Sniffers

A hardware packet sniffer is designed to be plugged into a network and analyze it. A hardware packet sniffer comes in handy when trying to examine traffic of a specific network segment. A hardware packet sniffer can ensure that there is no packet loss due to cause like filtering and routing. Ideally, a hardware packet analyzer stores the collected packets or forwards them on to a collector that logs the data collected by the hardware packet sniffer for further examination.

Software Packet Sniffers

Software packet sniffers are more common these days as they are open source. It is possible for any network interface attached to a network to receive every piece of network traffic that flows by, however, most are not configured to do so. A software packet sniffer configures the network interface so that is passes all network traffic.

This configuration is what is known as promiscuous mode, at least for most network adapters. Once a network interface is in the promiscuous mode, a packet sniffer functions to separate, reassemble and log all software packets that pass the interface. That traffic is then logged and used according to the packet sniffing requirements of the software.

A typical sniffing tool will be able to intercept:

The ports being used by each user
Web traffic (HTTP, HTTPS)
Mail traffic (IMAP, POP3, SMTP)
File transfer traffic (FTP, P2P)
Infrastructure traffic (DHCP, DNS, ICMP, SNMP)
Remote control (RDP, SSH, VNC)
Other UDP and TCP traffic

On a wired network, how much of this data can be collected depends on the structure of the network. Typically, it would take multiple packet sniffers to capture data on an entire network and since only the network traffic received by the network adapter is stored, traffic that exists on the other side of routers may not be visible.

On wireless networks, a Packet Sniffer typically only has access to one channel at a time. In order to capture data on multiple network segments, or multiple wireless channels, a packet sniffer is needed on each segment of the network.

Step by step

Solved in 2 steps

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.

Similar questions