Description

This article is from the Sniffer FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.

01 What a sniffer is and how it works

Unlike telephone circuits, computer networks are shared communication
channels. It is simply too expensive to dedicate local loops to the switch
(hub) for each pair of communicating computers. Sharing means that computers
can receive information that was intended for other machines. To capture the
information going over the network is called sniffing.

Most popular way of connecting computers is through ethernet. Ethernet
protocol works by sending packet information to all the hosts on the same
circuit. The packet header contains the proper address of the destination
machine. Only the machine with the matching address is suppose to accept the
packet. A machine that is accepting all packets, no matter what the packet
header says, is said to be in promiscuous mode.

Because, in a normal networking environment, account and password
information is passed along ethernet in clear-text, it is not hard for an
intruder once they obtain root to put a machine into promiscuous mode and by
sniffing, compromise all the machines on the net.

Continue to:

• Index
• next: 02 Where are sniffers available