What Is Sniffing Software?

A sniffer is a software device that monitors the operation of network data. A protocol analyzer can be used both for legitimate network management and to steal network information. Protocol analyzers can be used for network operation and maintenance: such as monitoring network traffic, analyzing data packets, monitoring network resource utilization, implementing network security operating rules, identifying and analyzing network data, and diagnosing and repairing network problems, and so on. Illegal sniffer is a serious threat to network security, because it is essentially incapable of detection and easy to insert everywhere, so it is often used by cyber hackers as an attack weapon.

A sniffer is a software device that monitors the operation of network data. A protocol analyzer can be used both for legitimate network management and to steal network information. Protocol analyzers can be used for network operation and maintenance: such as monitoring network traffic, analyzing data packets, monitoring network resource utilization, implementing network security operating rules, identifying and analyzing network data, and diagnosing and repairing network problems, and so on. Illegal sniffer is a serious threat to network security, because it is essentially incapable of detection and easy to insert everywhere, so it is often used by cyber hackers as an attack weapon.

Chinese name

Sniffer

Big small

668KB

Time

2012-07-16

Category

Antivirus

Introduction to sniffer

Sniffer was originally launched by Network General and is owned by Network Associates. Recently, Network Associates decided to open a new sniffer product unit, which formed a private company and renamed Network General. Today, sniffer has become a characteristic product trademark of Network General. Due to the widespread use of professionals, Sniffer is widely used in all products that can capture and analyze network traffic.

Introduction to sniffer equipment

Before describing the concept of Sniffer, we first need to describe some basic concepts of LAN devices.

Data is transmitted on the network in small units called frames. A frame consists of several parts, and different parts perform different functions. Frames are shaped by specific software called a network driver, then sent to a network cable through a network card, reach their destination machine through the network cable, and perform the reverse process at one end of the destination machine. The Ethernet card of the receiving machine captures these frames and tells the operating system that the frames have arrived and then stores them. It is in this transmission and reception process that there are security issues.

Each workstation on a local area network (LAN) has its hardware address, which uniquely represents a machine on the network (this is similar to the Internet address system). When a user sends a packet, these packets are sent to all available machines on the LAN.

In general, all machines on the network can listen to the passing traffic, but will not respond to packets that do not belong to them (in other words, workstation A will not capture data belonging to workstation B, but Simply ignore this data). If the network interface of a workstation is in promiscuous mode (the concept of promiscuous mode will be explained later), then it can capture all the packets and frames on the network.

Sniffer listening principle

The Sniffer program is a tool that uses the characteristics of Ethernet to put a network adapter card (NIC, generally an Ethernet card) into a promiscuous mode . Once the network card is set to this mode, it can receive and transmit data on the network. Every packet.

Under normal circumstances, the network card only receives packets related to its own address, that is, packets transmitted to the local host. To enable Sniffer to receive and process information in this way, the system needs to support BPF, and Linux needs to support SOCKET-PACKET. But in general, the network hardware and TCP / IP stack do not support receiving or sending data packets that are not related to the local computer. Therefore, in order to bypass the standard TCP / IP stack, the network card must be set to promiscuous mode. In general, to activate this method, the kernel must support this pseudo-device BPFilter, and it needs root permissions to run this program, so Sniffer needs to be installed as root. If you only enter the system as a local user, it is impossible Smell the root password because Sniffer cannot be run.

Based on a model like Sniffer, it can analyze various information packets and describe the structure of the network and the machines used. Since it receives any data packet transmitted on the same network segment, there are also capture passwords, various information, Possibility of confidential information such as secret documents. This has become a common method used by hackers to expand the results of war, used to take control of other hosts.

Sniffer classification

Sniffer is divided into software and hardware. The software Sniffer includes NetXray, Packetboy, Net Monitor, Sniffer Pro, WireShark, WinNetCap, etc. Its advantages are cheap, easy to learn and use, and easy to communicate; the disadvantage is that it cannot capture the network All transmissions on the network, in some cases, it is impossible to truly understand the network failure and operation. The hardware Sniffer is usually called a protocol analyzer, which is generally commercial and expensive.

In fact, Sniffer in this chapter refers to software. It grabs the package, then opens and views its contents, you can get the password and so on. Sniffer can only capture packets in a physical network segment, that is, it is important that there is no routing or other equipment that blocks broadcast packets between you and the monitored target. Therefore, it is impossible for general dial-up users to use Sniffer to eavesdrop on other people's communication content.

Sniffer listening purpose

When a hacker successfully compromises a host and gains root privileges, but also wants to use this host to attack other hosts on the same network segment, he will install Sniffer software on this host, and The data packets transmitted on the device are intercepted to discover the packets of interest. If a matching package is found, it is stored in a LOG file. These conditions are usually set in packages that contain the word "username" or "password". Such packages usually contain things like hackers' passwords. Once the hacker intercepts the password of a host, he will immediately enter the host.

If Sniffer runs on a router or a host with routing capabilities, it can monitor a large amount of data, because all packets entering and leaving the network must pass through the router.

Sniffer belongs to level M attack. That is to say, only when the attacker has entered the target system, can the Sniffer attack method be used in order to obtain more information.

In addition to the password or user name, Sniffer can also get more information, such as an important message, financial information transmitted on the Internet, and so on. Sniffer can get almost any packet transmitted over Ethernet.

Sniffer is a relatively complicated attack method. Generally, only hackers are able to use it. For a newbie on the network, even if Sniffer is successfully compiled and run on a host, it will generally not be useful. Information, because the information traffic on the network is usually quite large, it is very difficult to receive all the packets indiscriminately, and then find the required information from it; moreover, if you listen for a long time, it is also possible to put the machine where the Sniffer is placed Hard drive burst.

Sniffer Android software

Basic information about sniffer

Sniffer WhatsApp

V1.02

Size: 668KB

Time: 2012-07-16

Security Antivirus Category:

language: English

System: Android 2.1+

Sniffer software introduction

In fact, the sniffer does not use any encryption protection measures, and the information is transmitted in plain text. All people on the unified WiFi network can easily obtain the content sent and received by other mobile phones, including photos and videos. You can experiment with sniffer software.

Sniffer (5 photos)

WhatsApp Sniffer Free is a tool for obtaining WhatsApp talks information in WiFi networks. It can capture the conversation content of iOS, Android, Nokia and other mobile phones using WhatsApp software. Windows mobile phones have not been tested successfully. Own push server and cannot get it. As long as the TCPDump protocol is used to read all the WiFi network packets and filter the information sent to or from WhatsApp server, you can directly see the chat content without any encryption and decryption process.

Sniffer Installation Guide

Please download the software apk file from the "Download Address", and then use the PC tool to install the downloaded apk file, or put the apk file directly into the memory card in the phone, and use the file manager to install

Sniffer resolution

QVGA (320 x 240), WQVGA (400 x 240), HVGA (480 x 320), 640 x 360, VGA (640 x 480), WVGA (800 x 480), FWVGA (480 x 854), qHD (960 x 540), DVGA (960 × 640), 480 × 1024, WSVGA (1024 × 600), WXGA (1280 × 800), XGA (768 × 1280), 1280 × 720

IN OTHER LANGUAGES

• English
• Čeština
• Dansk
• Deutsch
• Svenska
• Français
• Italiano
• Nederlands
• Norsk
• Polski
• Português
• Español
• 日本語
• 한국어