1. Overview
When the typical end user sends an instant message to a friend or family member
on the other side of the world, they might not give much thought to the technology that
makes it happen. The end user simply types the message in a window, and when they hit
the Enter button, the message is magically transported to their friend's screen. While this
appears to be an instantaneous relay of data, in reality the message passes through a
legion of interconnected hardware devices that process the data before it arrives at its
destination.
Although it seems easy, the technology responsible is very complex and requires an
in-depth understanding of communication protocols and how they are used by hardware
devices to pass and control data flow. A network administrator must understand the use
of hubs, switches, routers, TCP/IP, SMB and more in order to audit or debug network
communication. This brings us to the sniffer.
A sniffer is merely a data collection tool that allows its user to see what data is
passing on a network. This tool can come in the form of a simple software program
included with an OS (e.g., Windows Network Monitor, AIX iptrace) or as part of a
complex and very expensive hardware device (e.g., $40,000 GTX Multi-protocol
analyzer) that can handle multiple network lines and GBs of data. Though it is just a tool,
it, like many other simple tools, can be used for good or evil. For example, a sniffer can
help an administrator find a malfunctioning network card, just as easily as it can help a
malicious hacker monitor network traffic for user names, passwords, or other sensitive
data that could be abused to gain unauthorized access to a network.
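To make concrete what a sniffer actually does with the bytes it collects, here is a minimal frame dissector written for this manual's introduction; it is an added example, not code from the product or the manual's own tooling. It constructs a sample Ethernet II / IPv4 / TCP frame (made-up MAC addresses, the documentation range 192.0.2.0/24, zeroed checksums, since the frame is never sent) and walks it header by header, the way a sniffer's decoder does. The final step is the auditing check an administrator wants from a capture: flagging traffic on ports whose application protocol is known to send data in the clear. The port-to-service table is an assumption for the example, not an exhaustive list.

```python
import struct

# Well-known ports whose application protocol sends data in the clear. Traffic on
# these ports is readable by anyone running a sniffer, which is exactly the finding
# an administrator auditing a network wants surfaced. (Assumed list for this example.)
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_sample_frame(payload: bytes = b"USER alice\r\n", dst_port: int = 21) -> bytes:
    """Construct a minimal Ethernet II / IPv4 / TCP frame (sample data only).

    MAC addresses and ports are made up, IPs come from the 192.0.2.0/24 documentation
    range, and checksums are left at zero because the frame is never transmitted."""
    # TCP: src port, dst port, seq, ack, data offset (5 words = 20 bytes), flags PSH|ACK,
    # window, checksum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip_len = 20 + len(tcp) + len(payload)
    # IPv4: version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    # Ethernet II: dst MAC, src MAC, EtherType
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def dissect(frame: bytes) -> dict:
    """Decode the frame layer by layer and return the fields an administrator looks
    at first. Stops early (returning what it has) on non-IPv4 or non-TCP traffic."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info

    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return info
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes (options included)
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    info.update({"src_ip": ".".join(map(str, ip[12:16])),
                 "dst_ip": ".".join(map(str, ip[16:20])),
                 "protocol": proto})
    if proto != IPPROTO_TCP:
        return info

    tcp = ip[ihl:total_len]             # total_len bounds the segment, trailing padding is dropped
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    data_off = (tcp[12] >> 4) * 4       # TCP header length in bytes
    payload = tcp[data_off:]
    info.update({"src_port": src_port, "dst_port": dst_port, "payload": payload})

    # Auditing check: is this a service that puts application data on the wire in the clear?
    info["cleartext_service"] = CLEARTEXT_PORTS.get(dst_port) or CLEARTEXT_PORTS.get(src_port)
    return info


if __name__ == "__main__":
    for key, value in dissect(build_sample_frame()).items():
        print(f"{key}: {value}")
```

Run it as-is and the sample frame decodes to an FTP login line visible in the payload, with `cleartext_service` set to `FTP`; call `build_sample_frame(b"...", 443)` instead and the same decoder reports no cleartext service, because the port belongs to an encrypted protocol whose payload a sniffer cannot read.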
This manual will describe how a sniffer works, and how it can be used to help you
troubleshoot a networking problem. We will also demonstrate methods by which you can
use a sniffer to troubleshoot applications that require network access to function. In
addition to these legitimate purposes, we will also illustrate how a hacker can abuse a
sniffer to gain access to private information. Hackers already know how to do this, so it
is imperative that you learn their attack methods so that you can properly protect your
networks.
2. Sniffer Fundamentals
Note: The following document is more than a user’s manual; it is also our attempt to
help educate you on the science of sniffing. We hope you will take the time to read this
entire manual so that you will be better equipped to defend yourself and to audit your
own wireless networks.