Sniffers

Sniffers are programs that intercept and analyze network traffic. They are useful when you need to extract some piece of information from the data stream (passwords, for example) or to perform network diagnostics. The program is installed on a single device to which there is access, and within a short time it receives all the data transmitted past that device.

How sniffers work

A sniffer can intercept traffic in the following ways:
  • by listening on the network interface in the usual way,
  • by connecting the sniffer inline, in a break in the channel,
  • by branching off a copy of the traffic and redirecting it to the sniffer,
  • by analyzing spurious electromagnetic emissions,
  • by attacking at the link or network layer so that network routes change and traffic is redirected.

Analyzing the data stream intercepted by the sniffer makes it possible to:
  • identify parasitic traffic (its presence significantly increases the load on network equipment),
  • detect the activity of malicious and unwanted programs (network scanners, Trojans, flooders, peer-to-peer clients, etc.),
  • intercept any encrypted or unencrypted user traffic in order to extract passwords and other valuable data.

Examples of well-known sniffers:
  • WinSniffer - has many customizable modes and is able to intercept the passwords of various services;
  • CommView - processes data transmitted over the local network and the Internet, collects information about the modem and network card and decodes it, which makes it possible to see a complete list of network connections and per-IP statistics. The intercepted information is saved to a separate file for further analysis, and a convenient filtering system lets you ignore unnecessary packets and keep only those the attacker needs;
  • ZxSniffer - a compact sniffer known for its small size (0.3 MB);
  • SpyNet - a very popular analyzer whose main functions are intercepting traffic and decoding data packets;
  • IRIS - has extensive filtering capabilities and can intercept packets under specified restrictions.

Classification of sniffers

Data streams can be intercepted both legally and illegally. The term "sniffer" is applied specifically to the illegal scenario; legal products of this kind are called "traffic analyzers".

Solutions used within the legal framework are useful for obtaining complete information about the state of the network and for understanding what employees are doing at their workplaces. Such programs are valuable when it is necessary to "listen" on the ports of applications through which sensitive data can be sent. They help programmers debug and check network communication scenarios. With traffic analyzers you can detect unauthorized access to data or DoS attacks in a timely manner.

Illegal interception amounts to spying on network users: an attacker can learn which sites a user visits, what data they send, and which programs they use for communication. The main purpose of illegal "listening" to traffic, however, is to obtain logins and passwords transmitted in unencrypted form.

Sniffers differ in the following functional features:
  • Support for data link protocols and physical interfaces.
  • Quality of protocol decoding.
  • User interface.
  • Access to statistics, real-time traffic viewing, etc.

Source of threat

Sniffers can work on a router, in which case all traffic passing through the device is analyzed, or on an end node. In the second case the attacker exploits the following circumstance: all data transmitted over the network is available to every device connected to it, but in their standard mode of operation network cards ignore the "foreign" frames that are not addressed to them. If the network card is put into promiscuous mode, it receives all data from the network. And, of course, sniffers switch the card into this mode.

Risk analysis

Any organization and any user can be at risk of sniffing, provided they have data that would interest an attacker. At the same time, there are several ways to protect yourself from information leaks. First, use encryption. Second, use anti-sniffers: software or hardware tools that can detect traffic interception. Remember that encryption by itself cannot hide the fact that data is being transferred, so it should be used in conjunction with an anti-sniffer.
 
What is a sniffer
Sniffers (from the English "sniff") are programs that intercept network traffic and extract information from it, "sniffing" it out.
They can be used for legal purposes and for not-so-legal ones. It is entirely legal to listen to your own traffic or the traffic of your own network, but collecting and analyzing other people's network packets is a violation of the law. Now that many people use wireless Internet, this is even more relevant.
There are a huge number of sniffers. Some are developed for a specific operating system (for example linux_sniffer.c, which supports only Linux), others for several systems (for example Sniffit, which works with BSD, Linux and Solaris).

Why intercept traffic?
In short, in the legal case it is most often done to detect malicious programs (most of them send and receive data over the Internet), and in the illegal case to obtain logins and passwords, which are naturally also transmitted over the Internet.
Sniffing traffic has become harder now that encryption tools are used, HTTPS for example: the green lock in the address bar of some sites. It means that the data you enter on that site (logins, passwords, payment data) is transmitted in encrypted form. If there is no lock, the HTTP protocol is in use and all data is transmitted in clear text, not encrypted in any way, and it is very easy to intercept. Five years ago it was hard to find a site with HTTPS; now all large sites use it. That does not mean their traffic cannot be intercepted, it is just harder to do.
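As an added illustration of the HTTP-versus-HTTPS difference described above (this is example code written for this page; it is not from the original post or from any tool it names), the following Python script decodes constructed Ethernet/IPv4/TCP frames the way a traffic analyzer would and reports which flows carry cleartext HTTP with an Authorization or Cookie header, and which carry a TLS handshake whose contents the analyzer cannot read. The build_frame helper, the sample frames, the TEST-NET addresses and the dummy Basic credential are constructed for the example; the header layouts and the TLS handshake record type (0x16) come from the standard protocol definitions.

```python
import struct

# Header constants from the standard Ethernet, IPv4 and TCP layouts
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TLS_HANDSHAKE = 0x16                      # TLS record content type for handshake messages
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ")
CREDENTIAL_HEADERS = (b"authorization:", b"cookie:")


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Hypothetical helper: build a minimal Ethernet/IPv4/TCP frame as sample input.
    Checksums are left at zero because the parser below does not verify them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP and return (src, dst, sport, dport, payload),
    or None for anything that is not a well-formed IPv4/TCP frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or ihl < 20 or total_len < ihl + 20 or len(ip) < total_len:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]               # trimming at total_len drops Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        return None
    return src, dst, sport, dport, tcp[doff:]


def classify_payload(payload):
    """Label the application data the way an analyzer would present it."""
    if not payload:
        return "no application data"
    if payload[0] == TLS_HANDSHAKE and payload[1:2] == b"\x03":
        return "TLS handshake (application data will be encrypted)"
    if payload.startswith(HTTP_METHODS):
        return "cleartext HTTP request"
    return "unknown"


def audit(frames):
    """Return one finding per decodable frame; the finding records whether a credential-bearing
    header travelled in cleartext but deliberately never stores the header value."""
    findings = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        kind = classify_payload(payload)
        exposed = kind == "cleartext HTTP request" and any(
            line.lower().startswith(CREDENTIAL_HEADERS) for line in payload.split(b"\r\n"))
        findings.append({"flow": f"{src}:{sport} -> {dst}:{dport}",
                         "kind": kind, "credentials_exposed": exposed})
    return findings


# Constructed sample capture (TEST-NET addresses; the Basic credential is a dummy value)
SAMPLE_FRAMES = [
    build_frame("192.0.2.10", "198.51.100.20", 51000, 80,
                b"GET /account HTTP/1.1\r\nHost: shop.example\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n"),
    build_frame("192.0.2.10", "198.51.100.20", 51001, 443,
                b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),   # TLS ClientHello record stub
    build_frame("192.0.2.11", "192.0.2.1", 51002, 80,
                b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FRAMES):
        print(finding)
```

Run it as a script to print one finding per frame. The report only states that a credential-bearing header was present on a cleartext flow and never echoes its value, which is the form such an audit should take on a network you administer; the TLS flow is classified as a handshake because everything after the key exchange is opaque to the analyzer.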
The most popular sniffer is probably Wireshark. It is available for both Windows and Linux and has been developed since 1999. It has a great many features, so it is rather difficult for a beginner.
Two more good sniffers are Intercepter-NG and NetworkMiner. They were written for Windows but now exist for other systems as well, and they are simpler than Wireshark. Intercepter-NG is aimed at listening to other people's traffic, while NetworkMiner is aimed at capturing and analyzing your own.

Is it possible to protect yourself from strangers sniffing in your network?
Yes, it is. The simplest way is to encrypt the traffic, for example with a VPN.
There are also special anti-sniffing programs. They aim to detect computers on the network whose network card is configured to listen to all traffic rather than only receive its own.
For Windows this is AntiSniff for Windows (incidentally, the first program of this type). A similar program was made for Linux and other Unix systems; it is called AntiSniff for Unix.
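Both the "Source of threat" section above and this answer rest on the same observable: an interface switched into promiscuous mode. The following Python script, added here as an example (it is not code from the original post, nor from AntiSniff), shows two local ways a Linux administrator can check for that state on their own hosts: reading the IFF_PROMISC bit (0x100, from linux/if.h) out of /sys/class/net/<iface>/flags, and replaying the kernel's own "device ethX entered/left promiscuous mode" messages from the log. The log excerpt is constructed for the example; the sysfs path, the flag value and the message wording are the real Linux ones.

```python
import os
import re

IFF_PROMISC = 0x100  # interface flag bit from Linux <linux/if.h>

# The kernel logs these exact messages (net/core/dev.c) when promiscuity changes
PROMISC_LOG_RE = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def is_promiscuous(flags_text):
    """Interpret the contents of /sys/class/net/<iface>/flags (a hex string such as '0x1103')."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_state_from_log(log_text):
    """Replay kernel log lines in order and return the last known state per interface
    (True = currently promiscuous)."""
    state = {}
    for line in log_text.splitlines():
        m = PROMISC_LOG_RE.search(line)
        if m:
            state[m.group(1)] = (m.group(2) == "entered")
    return state


def scan_sysfs(base="/sys/class/net"):
    """Check every interface on this Linux host; returns {} when sysfs is unavailable
    (for example on another OS or inside a restricted container)."""
    result = {}
    try:
        ifaces = os.listdir(base)
    except OSError:
        return result
    for iface in ifaces:
        try:
            with open(os.path.join(base, iface, "flags")) as f:
                result[iface] = is_promiscuous(f.read())
        except OSError:
            continue
    return result


# Constructed dmesg-style sample (not taken from a real host)
SAMPLE_KERNEL_LOG = """\
[  120.441] e1000 0000:00:03.0 eth0: Link is Up - 1000Mbps Full Duplex
[ 3310.012] device eth0 entered promiscuous mode
[ 3312.500] device eth0 left promiscuous mode
[ 4000.100] device eth1 entered promiscuous mode
"""

if __name__ == "__main__":
    print("from kernel log:", promiscuous_state_from_log(SAMPLE_KERNEL_LOG))
    print("from sysfs (promiscuous only):", {k: v for k, v in scan_sysfs().items() if v})
```

These checks only cover the host they run on; an anti-sniffer such as the AntiSniff tools named above has to infer the state of other machines on the segment from their network behaviour, which is a less certain measurement. Legitimate software (capture agents, some virtualization bridges) also puts interfaces into promiscuous mode, so a hit is a lead to verify against the host's expected configuration, not proof of an intruder.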