2. Index
Introduction
Types of environment
Varieties of packet sniffers
What is it used for
Components
Working
Applications
Disadvantages
Types of software available
3. INTRODUCTION
[Figure: network path between Host A, Router A, Router B and Host B]
A packet sniffer is a software application that uses a network
adapter card in promiscuous mode to capture all network packets.
A key feature of packet sniffers is that they exploit information passed in clear text.
Protocols that pass information in the clear include the following:
• Telnet
• FTP
• SNMP
• POP
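As an added illustration (not part of the original slides), the C function below shows how a network analyzer can recognise frames that belong to the clear-text protocols listed above, which is useful for auditing where they are still in use. The port numbers are the IANA well-known ports, the frame is constructed sample data, and `cleartext_proto` and `sample` are names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Clear-text services named on the slide, with their IANA well-known ports. */
static const struct { uint8_t ipproto; uint16_t port; const char *name; } CLEAR[] = {
    {6, 21, "FTP"}, {6, 23, "Telnet"}, {6, 110, "POP"}, {17, 161, "SNMP"},
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the clear-text protocol an Ethernet II / IPv4 frame belongs to,
 * or NULL when the frame is truncated, not IPv4, or on another port. */
const char *cleartext_proto(const uint8_t *f, size_t len) {
    if (len < 14 + 20 || be16(f + 12) != 0x0800) return NULL;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;          /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || 14 + ihl + 4 > len) return NULL;
    if (be16(ip + 6) & 0x1FFF) return NULL;   /* later fragment: no ports here */
    uint16_t sport = be16(ip + ihl), dport = be16(ip + ihl + 2);
    for (size_t i = 0; i < sizeof CLEAR / sizeof CLEAR[0]; i++)
        if (CLEAR[i].ipproto == ip[9] &&
            (CLEAR[i].port == sport || CLEAR[i].port == dport))
            return CLEAR[i].name;
    return NULL;
}

/* Constructed sample frame (not real traffic): 192.0.2.1:49152 -> 192.0.2.2. */
static uint8_t SAMPLE[38] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,          /* Ethernet II */
    0x45,0,0,0x28, 0,0,0x40,0, 0x40,0x06,0,0,                 /* IPv4 header */
    0xC0,0,0x02,0x01, 0xC0,0,0x02,0x02,                       /* src, dst IP */
    0xC0,0x00, 0x00,0x17,                                     /* ports       */
};

/* Patches the sample's IP protocol and destination port, returns the frame. */
const uint8_t *sample(uint8_t ipproto, uint16_t dport) {
    SAMPLE[23] = ipproto;
    SAMPLE[36] = (uint8_t)(dport >> 8);
    SAMPLE[37] = (uint8_t)(dport & 0xFF);
    return SAMPLE;
}

int main(void) {
    const char *p = cleartext_proto(sample(6, 23), sizeof SAMPLE);
    printf("tcp/23 -> %s\n", p ? p : "not in clear-text list");
    return 0;
}
```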
4. Varieties of packet sniffers
• Today, sniffers exist in two broad varieties:
• The first is a stand-alone product incorporated into a
portable computer
• The second is part of a larger package of network-
monitoring hardware and software
• Commercial packet sniffers are used to help
maintain networks.
• Underground packet sniffers are used to break into
computers.
3/16/2013
6. • Used to debug communication between a client and a
server.
• Help in identifying who is communicating with
whom and what data is sent and received over the
network.
• Used to monitor how a network is used and
also to monitor network users.
• Used to make the network more secure: in order to
come through to your network, traffic must pass through
the packet sniffer.
7. • Used to identify network problems before they become
serious.
11.
• This lets the packet sniffers see all data traffic
on the network segment to which they're
attached
• For this to happen, the sniffer must be located
within the same network block (or net of trust)
as the network it is intended to sniff; the sniffer
could be placed anywhere within that block.
14. Applications:
1. Analysing the bandwidth used.
2. Determining whether any hackers are trying
to gain access.
3. Knowing the IP addresses of the different systems
connected to your system.
4. Analysing the traffic flowing through the
network.
15. Disadvantages:
• By configuring your network device to read all network
packets that arrive, which might contain trojan horses, you
might also open doors that allow intruders access to your
confidential data and network files.
16. Packet sniffer software available
in the market:
1. Wireshark
2. NetStumbler
3. Packet sniffer
4. Microsoft Network Monitor
etc.
17. Wireshark:
• Wireshark is the world's foremost network protocol
analyzer.
• It is the de facto (and often de jure) standard across
many industries and educational institutions.
• It lets you capture the traffic and browse it on a
computer network.
• Let's be specific about this software and
observe the process…
18. Features of Wireshark:
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Display packets with very detailed protocol information.
• Saves captured packet data.
• Import and Export packet data from and to a lot of other
capture programs.
19. • Filter packets on many criteria.
• Search for packets on many criteria
• Colorize packet display based on filters.
• Create various statistics
20. Wireshark does not provide:
• It will not warn you when someone does strange things
on your network that he/she isn't allowed to do. But
Wireshark might help you figure out what is really going
on.
• Wireshark will not manipulate things on the network; it
will only "measure" things from it.
24. Now it's time for us to have a glance at the sample C
code of a packet sniffer
Screen shots: