Today's networks are increasingly employing
"switch" technology, preventing this technique from being as
successful as in the past. It is still useful, though, as it is becoming
increasingly easy to install remote sniffing programs on servers and routers,
through which a lot of traffic flows . Packet sniffing is a form of wire-tap
applied to computer networks instead of phone networks. It came into vogue with
Ethernet, which is known as a "shared medium" network. This means
that traffic on a segment passes by all hosts attached to that segment.
Ethernet cards have a filter that prevents the host machine from seeing the
traffic addressed to other stations. Sniffing programs turn off the filter, and
thus see every ones traffic. Today's networks may already contain built-in
sniffing modules. Most hubs support the RMON standard, which allow the intruder
to sniff remotely using SNMP, which has weak authentication. Many corporations
employ Network Associates "Distributed Sniffer Servers", which are
set up with easy to guess passwords. Windows NT machines often have a
"Network Monitoring Agent" installed, which again allows for remote
sniffing. Packets sniffing is difficult to detect, but it can be done. But the
difficulty of the solution means that in practice, it is rarely done. A
dedicated device designed for the purpose of monitoring network traffic in
order to recognize and decode certain packets of interest. A software package
that enables a general-purpose computer to recognize and decode certain packets
of interest. The packet sniffer is normally used by system administrators for
network management and diagnostics. A program and/or device that monitors data
traveling over a network. Sniffers can be used both for legitimate network
management functions and for stealing information off a network. Unauthorized
sniffers can be extremely dangerous to a network's security because they are
virtually impossible to detect and can be inserted almost anywhere. On TCP/IP
networks, where they sniff packets, they're often called packet sniffers.
Packet sniffing is listening (with software) to the raw network device for
packets that interest the user. When the user’s software sees a packet that
fits certain criteria, it logs it to a file. The most common criteria for an
interesting packet is one that contains words like "login" or
"password." There are lots of existing packet sniffers, but all the
existing ones have a demerit in terms of allowing only specific types of
sniffers. We need a generic sniffer. Hence we are proposing to develop the
same.
No comments:
Post a Comment