A Quick Introduction To Packet Sniffing
Hey 👋, I see you popping into my little world again! Well, today we shall learn how to intercept packets just like missile interceptors work but this time data interception with Python.
So unlike most missile interceptors (ABMs) that detect, destroy and defend, packet sniffing involves detecting, capturing, reading and owning data.
Obviously, my primary language is Python and we shall do practical sniffing in the upcoming blog posts, but you could choose to do it in a different one.
So wait a minute, what exactly is packet sniffing?
🔹 Packet sniffing
Packet sniffing is a technique whereby packet data flowing across the network is detected and observed.
Packet sniffing collects the entire packet of each network transmission. Packets that are not encrypted can be reassembled and read in their entirety. For example, intercepted packets from a user accessing a website would include the HTML and CSS of the web pages.
Network administrators use packet sniffing tools to monitor and validate network traffic, while hackers may use similar tools for nefarious purposes.
Packet sniffing has many practical uses. Typically, packet sniffing is used for network troubleshooting. It can be part of pen-testing and we use sniffing tools to be able to achieve this and it resembles wiretapping.
🔹 Packet sniffer
A packet sniffer — also known as a packet analyzer, protocol analyzer or network analyzer — is a piece of hardware or software used to monitor network traffic.
A packet sniffer, sometimes called a packet analyzer, is composed of two main parts.
💨 First, a network adapter that connects the sniffer to the existing network.
💨 Second, software provides a way to log, see or analyze the data collected by the device.
🔹 What can be sniffed?
Using sniffing tools, attackers can sniff sensitive information from a network, including Email traffic (SMTP, POP, IMAP traffic), Web traffic (HTTP), FTP traffic (Telnet authentication, FTP Passwords, SMB, NFS) and many more.
🔹 How Does a Sniffer Work?
Regular network traffic is composed of data packets travelling from source to destination with no intermediate nodes or interceptions along the way.
Packet sniffing works by changing this default traffic behaviour where each packet travelling from source to destination is collected and logged along the way.
A packet sniffer is then used to analyze this collected data and convert it into a human-readable format so it can be further examined by the intercepting entity.
A sniffer normally turns the NIC of the system to a
promiscuous mode so that it listens to all the data transmitted on its segment.
Promiscuous Mode is a type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating in this mode.
🔹 Python Implementation
We shall see three different ways you can achieve packet sniffing with Python in the upcoming blogs and these will be;
🔸 Using Sockets
🔸 Using Packet-Sniffer
🔸 Using Scapy
I will be writing a tutorial article in the upcoming blogs on how you can use these to achieve packet sniffing with Python. So you may want to subscribe or follow me to keep updated!
This was to keep this article short and concise for a beginner and we shall be referring to this article in the blog posts that will follow.
🔹 Packet Sniffer & Capture Tools
There are lots of off-the-shelf tools you could get for your pen-testing. You can go read and research more about some of these;
📌 Savvius Omnipeek.
📌 Telerik Fiddler.
🔹 How do I protect myself?
The truth is, there is always a way smart people go around any network and even TCP & HTTPS can be intercepted or hacked!
Most sniffing attacks carried out by threat actors can be quite stealthy but you can implore some of these methods to be on a safer side.
✔ Use a good Antivirus
✔ A VPN can help
✔ Unencrypted Messaging Apps
✔ Choose HTTPS over HTTP
✔ Avoid Public Wi-Fi
In this article, you learnt what packet sniffing is, how it works, methods and safety guidelines to stay protected from being sniffed.
Cyber security starts with you and it involves everyone! We shall have practical introductions and sessions with Python in the upcoming blogs.
Once again, hope you learned something today from my little closet.
Please consider subscribing or following me for related content, especially about Tech, Python & General Programming.
You can show extra love by buying me a coffee to support this free content and I am also open to partnerships, technical writing roles, collaborations and Python-related training or roles.