Security in Computer Networks

8.7.2 Packet Sniffing


A packet sniffer is a program running in a network-attached device that passively receives all data link-layer frames passing by the device's network adapter.  In a broadcast environment such as an Ethernet LAN, this means that the packet sniffer receives all frames being transmitted from or to all hosts on the LAN.  Any host with an Ethernet card can easily serve as a packet sniffer, as the Ethernet card need only be set to promiscuous mode to receive all passing Ethernet frames.  These frames, in turn, can be passed on to application programs that extract application-level data.
 
Packet-sniffing software is freely available at various Web sites and as commercial products.  Professors teaching a networking course have been known to assign lab exercises that involve writing a packet-sniffing and application-level data reconstruction program.
 
The key to detecting packet sniffing is to detect network interfaces that are running in promiscuous mode.  Within an enterprise, network managers may install software in all the enterprise's computers that will alert the managers when an interface is configured in promiscuous mode.  Various tricks can also be performed remotely to detect promiscuous interfaces.
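
The host-side check described above can be sketched as follows. This is an added example, not code from the original text: it assumes a Linux host, where the kernel exposes each interface's flags as a hex value in `/sys/class/net/<name>/flags`, and the function names and the `expected` allowlist are hypothetical.

```python
import os

# Linux interface flag bit for promiscuous mode (IFF_PROMISC in linux/if.h).
IFF_PROMISC = 0x100


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted names of interfaces whose kernel flags have IFF_PROMISC set."""
    found = []
    for name in sorted(os.listdir(sysfs_net)):
        flags_path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(flags_path) as fh:
                # The file holds one hex value such as "0x1103".
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            # Entry is not an interface directory, or its flags are
            # unreadable or malformed: skip it rather than abort the scan.
            continue
        if flags & IFF_PROMISC:
            found.append(name)
    return found


def alerts(sysfs_net="/sys/class/net", expected=()):
    """Build one alert line per promiscuous interface not on the allowlist.

    `expected` (hypothetical parameter) names interfaces that are meant to
    be promiscuous, e.g. the capture port of a monitoring sensor.
    """
    return [
        f"ALERT promiscuous mode on {name}"
        for name in promiscuous_interfaces(sysfs_net)
        if name not in expected
    ]


if __name__ == "__main__":
    # Run periodically by an agent; here the alerts are just printed.
    for line in alerts():
        print(line)
```

An enterprise agent would forward these lines to the network managers' logging or alerting system instead of printing them.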
