Understanding the role of packet sniffing is important for anyone charged with monitoring the health, stability, and security of a network. In this article, you’ll learn what packet sniffing is as well as practical use cases you, as a network admin, can expect to run into.
What is Packet Sniffing?
Packet sniffing is the process of collecting and logging packets of information that are sent between network nodes. These packets of data can then be gathered, stored and analyzed in order to better understand exactly what data is being sent across a given network.
Packet sniffing is a valuable tool for monitoring the performance of a network and diagnosing issues, but it is also helpful in observing potential security risks where sensitive data may be flowing in an unexpected way.
How Does Packet Sniffing Work?
Any given network is made of a collection of nodes, with network traffic flowing across them in order to transfer data between computers, servers, and other connected hardware. The smallest unit of data sent between nodes is the packet. Each packet is assigned a destination when it is sent, and typically as it travels along the network any intermediate nodes do nothing besides facilitate the flow of data.
Monitor and Report on Anything You Can Ping, Download a Free Trial of WUG Today!
Packet sniffing works by deviating from this default behavior so that the data from each packet is collected and logged along the way. Packet sniffing or other related software may then analyze the raw data to present it in a human-readable form for further examination by the system administrator. Monitoring the traffic between nodes allows the administrator to discover irregularities or undesirable outcomes resulting from ongoing network activity.
What is the Difference between Hardware and Software Packet Sniffers?
A hardware packet sniffer must be physically plugged into a device on the network in order to monitor the traffic flowing through the node. As it is plugged into the network and data physically travels across it, a hardware sniffer can ensure that no packets are lost due to filtering or other intentional or unintentional causes.
Software packet sniffers are far more common today. Rather than physically intercepting the data, packet sniffing software alters the default behavior of the node in which it’s installed. As noted above, by default nodes typically ignore data that is not addressed to them, but packet sniffing software can change the network configuration to one known as “promiscuous mode.” Once this is done, the node will begin gathering and logging the packets that it interacts with based on the settings of the software instructing it.
What are the Practical Use Cases for Packet Sniffing?
For network administrators, packet sniffing is a powerful tool that can provide important data on the health and security of your network. Common use cases include:
- Testing SSL or HTTPS encryption by monitoring responses received
- Examining traffic for clear-text usernames, passwords or other sensitive data so that proper encryption can be added before it is seen by any (nefarious) third parties
- Analyzing consumption trends on a network to determine bottlenecks/faults and better understand which applications are most/least used
- Determining the network status of devices by observing their response to a network request
- Detecting packets on improper networks or ports (suggesting a misconfiguration exists)
- Ensuring correct/most-efficient routing is taking place for DNS requests, etc.
It should be noted that a packet sniffer can only observe the traffic that flows through a specific node. Compared to a centrally located server, a node located in a remote section of the network will only see a small slice of network data. Similarly, if a network comprises multiple wireless channels, but the network adapter in question can connect to only one at a time, it will only see the data on that channel.
To get a complete picture of your network traffic, packet sniffing software may need to be installed on multiple nodes.
Get Powerful Network Monitoring
Packet sniffing (on multiple nodes and channels) is provided out of the box with WhatsUp Gold, our all-in-one network monitoring solution. Get started with a free trial today and unlock the tools you need to ensure your network is always operating securely and at peak performance.