WHAT IS A SNIFFER?
A sniffer, also known as a network analyzer, packet sniffer or ethernet sniffer, is a computer program that monitors and analyzes network traffic transmitted from one network location to another. A sniffer captures each packet sent, decodes it and lets the user view its contents. A sniffer is not a parasite or viral application. It is a specialized networking tool aimed at system administrators and network managers, who use it for troubleshooting and monitoring or to detect network intrusion attempts. However, sniffers can also be used by malicious persons to intercept and steal sensitive user information transmitted over a network. This information can include login names, passwords, bank account details, credit card numbers, identity details and other valuable data that is not strongly encrypted.
A sniffer can be installed on any computer connected to a local network. It often runs not on the affected system but on the hacker’s PC, because a person who sniffs must be located between the packet sender and the recipient. However, a sniffer can also be installed on a compromised computer in order to intercept the network traffic of remote users and of that computer's own users.
A sniffer can also be a physical device, usually a specialized router with sniffing capabilities. It works in the same manner as common software sniffers do. However, detecting it can be even more complicated.
Sniffers are divided into legitimate applications and tools designed by hackers specifically for their own needs. Both sniffer types are very similar to each other and can be used for the same purposes. The only difference is that malicious sniffers are often specialized tools with non-standard features.
WAYS OF INFECTION
Sniffers are not viruses: they cannot propagate by themselves and must be controlled by a person. They can be installed like any other software, with or without user consent. There are two major ways unsolicited sniffers can get into the system.
1. A legitimate sniffer can be manually installed by a system administrator or any other user who has sufficient privileges to install software. A hacker can break into the system and set up his own malicious sniffer. In both cases a privacy threat gets installed without the affected user’s knowledge and consent.
2. Malicious sniffers are often installed by other parasites such as viruses, trojans, backdoors or worms. They get into the system without the user's knowledge and affect everybody who uses the compromised computer. Such sniffers do not have any uninstall functions and can be controlled only by their authors or attackers.
WHAT DOES A SNIFFER DO?
- Monitors network usage and filters defined packets.
- Captures all the network packets transmitted from one network location to another.
- Logs data found in captured packets and saves it into a file.
- Allows the attacker to analyze logged data in order to find login names, passwords, credit card numbers, identity details and other valuable information.
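The capture, decode and filter steps listed above can be turned into an administrator's audit for traffic that crosses the network unencrypted. This is an added example, not part of the original article: the function names, the 90% printable-ASCII heuristic and the two constructed frames (documentation addresses in 192.0.2.0/24) are assumptions made for illustration.

```python
import struct

def build_frame(src_port, dst_port, payload):
    """Build a constructed Ethernet II / IPv4 / TCP frame (checksums left at 0)."""
    eth = bytes.fromhex("020000000002020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def decode_frame(frame):
    """Decode one frame as an analyzer does; return None unless it is valid IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ver_ihl, _, total_len, _, _, _, proto = struct.unpack("!BBHHHBB", frame[14:24])
    ihl = (ver_ihl & 0x0F) * 4
    tcp_start, ip_end = 14 + ihl, 14 + total_len
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or total_len < ihl + 20 or len(frame) < ip_end:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    data_off = (frame[tcp_start + 12] >> 4) * 4
    if data_off < 20 or tcp_start + data_off > ip_end:
        return None
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "payload": frame[tcp_start + data_off:ip_end]}

def payload_is_readable(payload):
    """True when at least 90% of the payload is printable ASCII (assumed heuristic)."""
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return bool(payload) and printable / len(payload) >= 0.9

def audit(frames):
    """Return (destination, port) for each TCP frame whose payload is readable on the wire."""
    findings = []
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt and payload_is_readable(pkt["payload"]):
            findings.append((pkt["dst"], pkt["dport"]))
    return findings

# Constructed sample traffic: one cleartext FTP command, one TLS application-data record.
CLEARTEXT = build_frame(40000, 21, b"USER demo\r\n")
ENCRYPTED = build_frame(40001, 443, bytes.fromhex("17030300108f3ac1e47b02d9a65cf0139e77b4d2aa"))

if __name__ == "__main__":
    print(audit([CLEARTEXT, ENCRYPTED]))
```

Services that appear in the result are the ones whose data any sniffer on the path could read, so they are the first candidates for moving to an encrypted protocol.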
EXAMPLES OF SNIFFERS
Sniffers are fairly rare, specialized applications with practically the same functionality. The following examples illustrate typical sniffer functions.
Ethereal is a popular legitimate packet sniffer used primarily for troubleshooting and monitoring purposes. It offers a graphical user interface, effective display filters and integrated packet editing tools. Ethereal saves collected data into a file so that it can be analyzed later. Currently this powerful application supports more than 800 different network protocols and works on almost any network and operating system.
BUTTSniffer is a sniffer program designed for malicious purposes. It supports multiple network protocols, can filter the sniffed data and saves the collected information into a file. BUTTSniffer can work as a standalone application or as a plugin for some parasites such as the infamous Back Orifice remote administration tool.
CONSEQUENCES OF A SNIFFER ACTIVITY
A sniffer doesn’t pose any threat to the system or computer. It doesn’t cause any performance or stability problems. Nevertheless, a typical malicious sniffer is always a great privacy risk. Such a program doesn’t require a lot of system resources and has no user interface, so it is very difficult to detect. Hackers can use such a sniffer to violate user privacy for months and even years before the user notices a suspicious program. During all this time the sniffer will be providing the attacker with all the information he needs. He will be able to find out the user’s passwords, login names, contacts, identity data, even credit card numbers and much more. All this information can be used to break into the system and to steal or disclose the user's confidential data.
HOW TO REMOVE A SNIFFER?
Some malicious sniffers can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. However, most sniffers have nothing in common with viruses and therefore must be manually uninstalled, and not all of these programs have a functional uninstall feature.
2-Spyware.com provides manual sniffer removal instructions that allow the user to manually delete all the files, directories, registry entries and other objects that belong to a threat. However, manual removal requires fair system knowledge and therefore can be quite a difficult and tedious task for novices.