To many users of computer networks, inIn general, such a thing as a “sniffer” is unfamiliar. What is a sniffer, try and define, in simple terms unprepared user. But for starters, you still have to delve into the predestination of the term itself.
In fact, to determine the essence of such a software or hardware-software complex is not difficult at all, if you simply translate the term.
This name comes from the English word.sniff (sniff). Hence the meaning of the Russian term "sniffer". What is sniffer in our understanding? “Nyuhach”, capable of tracking the use of network traffic, and, more simply, a spy who can interfere with the work of local or Internet-based networks, extracting the necessary information based on access via TCP / IP data transfer protocols.
Make a reservation immediately:The sniffer, whether it is a software or conditional software component, is able to analyze and intercept traffic (transmitted and received data) exclusively via network interface cards (Ethernet). What is the result?
The network interface is not always protected by a firewall (again, software or hardware), and therefore the interception of transmitted or received data becomes just a matter of technology.
Inside the network information is transmitted by segments.Inside one segment it is supposed to send data packets to absolutely all devices connected to the network. Segmental information is redirected to routers (routers), and then to switches (switches) and hubs (hubs). Sending information is done by splitting the packages, so that the end user receives all parts of the combined together package from different routes. Thus, “listening” of all potential routes from one subscriber to another or interaction of an Internet resource with a user can give not only access to unencrypted information, but also to some secret keys that can also be sent in such an interaction process. And here the network interface turns out to be completely unprotected, because a third party intervenes.
Sniffer can be used both to the detriment and to the good.Not to mention the negative impact, it is worth noting that such software and hardware systems are often used by system administrators who try to track the actions of users not only on the network, but also their behavior on the Internet in terms of visited resources, activated downloads on computers or sending .
The method by which the network analyzer works,simple enough. Sniffer determines outgoing and incoming traffic of the machine. In this case we are not talking about internal or external IP. The most important criterion is the so-called MAC-address, unique to any device connected to the global network. It is on it that each machine in the network is identified.
But also by types they can be divided into several main ones:
You can detect the same WiFi sniffer by loadon the net. If you can see that the data transfer or connection is not at the level that the provider claims (or allows the router), you should pay attention to it immediately.
On the other hand, the provider can also runsoftware sniffer to monitor traffic without the user's knowledge. But, as a rule, the user does not even know about it. But the organization that provides communication services and Internet connections thus guarantees the user complete security in terms of intercepting flooding, self-installing clients of heterogeneous peer-to-peer networks, Trojans, spies, etc. But such tools are more software and have no particular effect on the network or user terminals.
But the traffic analyzer can be especially dangerous.online type. On the use of sniffers built a primitive system of hacking computers. The technology in its simplest version comes down to the fact that initially the hacker is registered on a specific resource, then uploads a picture to the site. After confirming the download, a link to an online sniffer is issued, which is sent to a potential victim, for example, in the form of an e-mail or the same SMS with a text like “You received congratulations from someone else. To open a picture (card), click on the link ".
Наивные пользователи кликают по указанной hyperlink, as a result of which the identification and transmission of the external IP address to the attacker is activated. If there is an appropriate application, it can not only view all the data stored on the computer, but also easily change the system settings from the outside, which the local user will not even guess by accepting such a change as a virus. Yes, only the scanner when checking out will give out zero threats.
Whether it's a WiFi sniffer or any other analyzer,protection system against unauthorized scanning of traffic is still there. The condition is one: they need to be installed only under the condition of complete confidence in the "tapping".
Такие программные средства чаще всего называют "Anti-sniffer". But if you think about it, these are the same sniffers that analyze traffic, but block other programs that are trying to gain unauthorized access.
Hence the legitimate question: is it worth installing such software? Perhaps, hacking by the hackers will cause even more harm, or will it itself block what should work?
In the simplest case with Windows systems inAs protection, it is better to use the built-in firewall. Sometimes there may be conflicts with the installed antivirus, but more often it concerns only free packages. Professional purchased or monthly activated versions of such defects are deprived.
That's all about the concept of "sniffer."What is a sniffer, I think, many have already realized. Finally, the question remains: how well will an ordinary user use such things? But then in fact among young users, you can sometimes notice a tendency to computer hooliganism. They think that hacking someone else's "comp" is something like an interesting competition or self-affirmation. Unfortunately, none of them even think about the consequences, and it’s very easy to identify an attacker using the same online sniffer based on his external IP, for example, on the WhoIs website. As the location, however, the location of the provider will be indicated, however, the country and the city will be determined exactly. Well, and then it’s small: either a call to the provider in order to block the terminal from which unauthorized access was made, or a court case. Draw your own conclusions.
With the definition program installedthe location of the terminal from which access is being attempted is even simpler. But the consequences can be catastrophic, because not all users use those he-anonymizers or virtual proxies and do not even have a clue how to hide their IP on the Internet. And it would be worth learning ...
