A sniffer (also known as a network analyzer, packet analyzer or protocol analyzer) is a computer program used to monitor and analyze the network traffic transmitted from one network location to another. A sniffer captures each packet of information, decodes it and lets its owner see its content. If a sniffer is used by a trustworthy person, it is not considered a dangerous application, because it serves troubleshooting and monitoring purposes or helps detect network intrusion attempts. However, sniffers can also be used by malicious people who seek to steal sensitive information that others transmit over a network. This information varies widely. It can include victims' login names, passwords, bank account details, credit card numbers, identity details and other valuable data that can be used for dangerous activities.
A sniffer can be installed on any computer connected to a local network. It does not necessarily need to run on the affected system. It can easily hide on the hacker's PC and help him or her steal the needed information. This approach requires the person running it to be positioned between the packet sender and the recipient. However, a sniffer can also be installed on a compromised computer to intercept the network traffic and carry out other activities. A sniffer can also be a physical device, usually a specific router with sniffing capabilities. It works in the same manner as typical sniffers, but detecting it can be even more complicated.
To sum up, sniffers are divided into legitimate applications and tools designed by hackers specifically for stealing personal information and other activities. Both legitimate and malicious sniffers are very similar programs that can be used for the same purpose. The only difference is that malicious sniffers are often specialized tools with non-standard features.
Sniffer's activity on the system and its consequences:
A sniffer doesn't seek to infect the system with other threats. It also can't cause performance or stability problems or seriously harm the data kept on your computer. Nevertheless, a malicious sniffer can easily cause serious privacy problems. Such a program doesn't require a lot of system resources and has no graphical user interface (GUI), so it is very difficult to detect once it is inside the computer. Once there, it can be used by hackers to violate the victim's privacy. The tracking behind his or her back can go on for months and even years until it is noticed. During all this time, the sniffer provides the attacker with all the information he/she needs. He/she will be capable of finding out passwords, login names, contacts, identity data, even credit card numbers and much more. All this information can be used to break into the system and steal or disclose the user's confidential data.
To sum up, these are the most important activities that the developers of sniffers rely on to reach their goals:
- Monitoring user's network usage and filtering defined packets.
- Capturing all the network packets transmitted from one network location to another.
- Logging data found in captured packets and saving it into a file.
- Letting the attacker analyze logged data to find out login names, passwords, credit card numbers, identity details and other valuable information.
Methods that are used for infiltrating computers:
Sniffers are not viruses and therefore cannot propagate by themselves; they must be controlled by a person. They can be installed like any other software, with or without the user's consent. There are two major ways unsolicited sniffers can get into the system.
- A legitimate sniffer can be manually installed by the system administrator or any other user who has sufficient privileges for software installation. A hacker can break into the system and set up his or her own malicious sniffer. In both cases a privacy threat gets installed without the affected user's knowledge and consent.
- Malicious sniffers are often installed by other parasites like viruses, trojans, backdoors or worms. They get into the system without the user's knowledge and affect everybody who uses the compromised computer. Such sniffers do not have any uninstall functions and can be controlled only by their authors or attackers.
Examples of Sniffers:
Sniffers are considered quite rare applications that offer practically the same functionality. The following examples illustrate the typical activity of sniffer software:
Ethereal. This is a popular sniffer software package, which is considered legitimate. The primary purpose of this group of programs is troubleshooting and monitoring changes. The package offers a graphical user interface, effective display filters and integrated packet editing tools. Ethereal saves collected data into a file and lets the user analyze it later. Currently, this application supports more than 800 different network protocols and works in almost any network and operating system.
BUTTSniffer is a sniffer program designed entirely for malicious purposes. It supports multiple network protocols, allows filtering the sniffed data and saves the collected information into a file. BUTTSniffer can work as a standalone application or as a plugin for some parasites, such as the infamous Back Orifice remote administration tool (RAT) and similar threats.
Removing a sniffer and its components from the system:
You can double-check your computer for malicious sniffers with reliable anti-spyware. At this stage, there are several programs capable of finding programs that are categorized as sniffers. These programs are: Reimage, Malwarebytes Anti Malware. However, you should always remember that most sniffers have nothing in common with malware. That means that they can't be detected with anti-malware software and must be uninstalled manually. In this case, users can run into problems because not all of these sniffers have a functional uninstall feature.
If you are having problems with the removal of sniffer software, you can always send your question to 2-Spyware.com security experts and ask them for help. You can do that through the Ask Us page, which connects PC owners, infected PC users and other people who need help with the most advanced PC experts.
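For the case above, where anti-malware software does not flag a sniffer, the following is an added example (not part of the original article) of a manual host-side check, assuming a Linux host: it looks for interfaces in promiscuous mode and for open packet-capture sockets. The function names and the sample data are constructed for illustration.

```python
import os

IFF_PROMISC = 0x100  # <linux/if.h>: interface accepts every frame it sees
ETH_P_ALL = 0x0003   # packet socket subscribed to all protocols

def is_promiscuous(flags_text):
    """flags_text: content of /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def parse_packet_sockets(table_text):
    """Parse /proc/net/packet text into one dict per open AF_PACKET socket."""
    sockets = []
    for line in table_text.strip().splitlines()[1:]:  # first row is the header
        f = line.split()
        if len(f) < 9:
            continue
        proto = int(f[3], 16)
        sockets.append({"proto": proto, "ifindex": int(f[4]), "uid": int(f[7]),
                        "inode": int(f[8]), "captures_all": proto == ETH_P_ALL})
    return sockets

def owners_of(inode, proc_root="/proc"):
    """PIDs holding the socket inode; run as root to see other users' fds."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:  # process exited or permission denied
            continue
    return sorted(pids)

# Constructed sample inputs (not captured from a real host).
SAMPLE_FLAGS = {"eth0": "0x1103\n", "lo": "0x9\n"}
SAMPLE_PACKET_TABLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      48211
0000000000000000 3      2    888e   3     1 0      0      30977
"""

def audit(flags=SAMPLE_FLAGS, table=SAMPLE_PACKET_TABLE):
    """Return (promiscuous interfaces, inodes of capture-all sockets)."""
    promisc = sorted(i for i, t in flags.items() if is_promiscuous(t))
    capture = [s["inode"] for s in parse_packet_sockets(table) if s["captures_all"]]
    return promisc, capture

if __name__ == "__main__":
    print(audit())
```

On a live host, pass `audit()` the real contents of `/sys/class/net/*/flags` and `/proc/net/packet`, then call `owners_of()` on each reported inode to find the process. A hit is a lead to investigate rather than proof of a malicious sniffer, since DHCP clients and Wi-Fi supplicants also open packet sockets.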
Database of Sniffers Parasites
April 9th, 2004
ADM sniffer is a sniffing tool from ADM crew. ADM crew is a known company of people who make various hacking too...