academy
Security
Privacy
Performance
Select language
Avast Academy Security Other Threats What is a Sniffer, and How Can I Protect Against Sniffing?

What is a Sniffer, and How Can I Protect Against Sniffing?

A sniffer is a software or hardware tool that allows the user to “sniff” or monitor your internet traffic in real time, capturing all the data flowing to and from your computer. Read on to learn how sniffers work, what they’re used for, and how you can protect your data against sniffers with a VPN.

Sniffer-Hero

So what does a sniffer do?

Sniffers aren’t always bad news. In many cases, administrators use sniffing tools to maintain a steady flow of traffic through their networks. They can detect bandwidth hogs, such as anyone making heavy use of file-sharing programs, and then take appropriate action. The word “Sniffer” with a capital S refers to the trademarked name, now owned by NetScout, of one such monitoring tool.

Hamburguer menu icon

This article contains:

    But if you’re asking what a sniffer attack is, you’re probably less concerned with legitimate applications of sniffing technology, and more with how someone might be using that tech against you. These devious little programs go by a variety of names — network probes, wireless sniffers, Ethernet sniffers, packet sniffers, packet analyzers — but no matter what you call them, they all get up to the same mischief: eavesdropping on you.

    Sniffers get the job done by capturing and inspecting the data “packets” traveling along a network. Imagine internet traffic like real-world traffic: It’s like a series of cars driving on a road, and it ebbs and flows depending on a variety of factors. On the internet, each car is a packet, and the people inside are the data it carries.

    Some sniffers are available as hardware appliances, often built directly into network devices such as routers for convenient management. But in most cases, people opt for sniffing software over hardware.

    What is sniffing software used for?

    When first created, sniffers were (and can still be) very helpful tools for engineers to manage their networks. Because they allow administrators to view all the traffic on a network, they can be used to diagnose issues and assess performance.

    How do network admins use sniffing software? First, it’s important to understand how internet traffic generally works over a network. In most situations, your computer will only investigate packets that have been specifically addressed to it. Reaching back to the “cars driving on a road” metaphor, we can imagine your computer as a house along that road. You wouldn’t inspect every car that drives by your house, but if someone parks in your driveway, you’d likely open the door to see who it is. This is how your computer treats most packets of data: It ignores the ones going along the network to other destinations while inspecting the packets that are sent to it.

    Sniffing software adjusts a computer’s network settings so that it “sniffs” every packet — instead of just those sent to it — and copies them all for later investigation. Rather than answering the door only when someone comes to visit, the sniffer is glued to the window, watching all the cars as they drive by.

    Our window sniffer might obsessively monitor every car, or they might choose to investigate only trucks, or red cars, or cars with at least three occupants, or maybe just motorcycles. In other words, a person using a sniffer in unfiltered mode can harvest all the network’s traffic, or they can configure the sniffer to filter packets containing a specified type of data.

    Legitimate uses for sniffing software

    Skilled technicians place sniffers inside a network to tap into its traffic and track what’s being sent. You’ve probably seen at least one movie in which a crafty detective puts a tap on a suspect’s phone line, then listens in as they discuss all sorts of nasty business. Sniffers are essentially the same thing, but for the internet.

    Here’s a short list of a people who might make use of a network sniffer:

    • Network engineers: By analyzing the type and level of traffic on a network, engineers can use the data to optimize their network’s structure for efficiency and speed.

    • System admins: Network sniffers are amazing troubleshooting tools. Sysadmins can dive into bottlenecks or other slowdowns as they’re happening to examine the issue.

    • Employers: IT technicians at a corporate office may use sniffers to monitor their employees while at work. Employers can learn about the websites their workers are visiting, how much time they spend there, and whether they’re viewing or downloading anything they shouldn’t be.

    • Security professionals: Unusual traffic amounts or types can indicate that everything is not as it seems. Security teams can identify atypical internet usage patterns that may indicate the presence of a hacker or malware. Speaking of which...

    Criminal uses for sniffing software

    Network sniffers aren’t used only by the good guys. Cybercriminals can tap into a network and help themselves to all the traffic sent through it. By monitoring internet use, including emails and instant messages, a hacker may be able to access login credentials, insider information, and financial details. That’s why sniffers can be so dangerous in the wrong hands. And there are plenty of free sniffers available online — music to a cybercriminal’s ears.

    Cybercriminals will use social engineering tricks or phishing scams to fool their victims into downloading their sniffers. They may steer targets to infected websites that automatically download the sniffer when visited, or send emails with attachments that can install the malicious software.

    Alternatively, hackers can sniff unsecured public Wi-Fi networks, ensnaring the traffic of anyone who uses them. Wireless sniffers are especially popular in spoofing attacks, as the cybercriminal can use the data captured by the sniffer to “spoof” a device on the wireless network.

    Hackers use sniffers on unsecured Wi-Fi networks to spy on everyone who connects.

    How does a sniffer work?

    We’ve covered what sniffers can do, but how does a sniffer work? There are two main types of sniffing techniques: passive and active sniffing. The type of sniffing technique used depends on the structure of the network one is trying to sniff. Passive sniffing works with hubs, but if switches are involved, active sniffing is required.

    What is passive sniffing?

    Hubs are simple networking devices that connect several devices together into a single network. There aren’t any regulatory mechanisms that steer traffic to its intended recipient; rather, all devices receive all the traffic, and then determine whether or not that traffic is relevant.

    Because all devices in a hub receive all the network’s traffic, a sniffer can easily — and passively — soak up everything that’s being sent. There’s nothing to actually do other than sit back and sniff. This makes passive sniffing very difficult to detect. Not impossible, but difficult.

    How about active sniffing?

    As you connect additional devices to a hub, the higher levels of traffic can get overwhelming. Network switches are the solution to this issue. Switches regulate traffic within a network by sending data specifically to the device that is meant to receive it. A passive sniffer on a network hub will be able to see only the data going to and from its host machine.

    This is where active sniffing comes into play. In order to access all the traffic passing through the network, an active sniffer needs to get around or overcome the way switches direct everything. There are a few different ways to accomplish this, but all of them involve injecting additional traffic into the network. This is what makes it an active process, and what differentiates active sniffing from the passive variety.

    The upside for potential victims is that an active sniffer is easier to detect, because it gives its own presence away.

    How to protect against sniffing?

    Sniffing can be one of the sneakiest hacking techniques out there, but with a few precautions, you can keep your communications out of unwanted hands.

    Install a strong antivirus tool

    Keep sniffers off your devices with cybersecurity protection. Hackers will use viruses, Trojans and worms to deliver a sniffer to a target computer, and a strong antivirus tool will counter these attacks. Avast Free Antivirus provides 24/7 protection to block malware and offers extra security against malicious links, downloads, and email attachments.

    Avast Free Antivirus also features a network scanner that can identify whether or not you’re connecting safely to the internet. Unsecured networks are a sniffer’s favorite hunting ground, so connect with caution — or with a VPN.

    Encrypt your data with a VPN

    Once you’re all set up with your preferred security solution, it’s time to start thinking about encryption. It’s the best foil against sniffing, because even if you do get sniffed, your encrypted data is useless to someone using a sniffer. With no way of cracking the encryption, the sniffed data is useless.

    A VPN's encryption will render sniffing useless, as the sniffer will not be able to decrypt the data they harvest.

    To illustrate, let’s return once more to the creepy sniffer in the window of the house (a computer) that sits along the road (a network). The sniffer is watching all the cars (packets) as they drive by, and copying down the information of all the people inside each car (the data inside the packet). If you tint your car windows — encrypt your data — the weirdo watching from the window of the house can still observe your car passing by, but they can’t see what’s inside. This is the main reason why unsecured Wi-Fi networks are so popular with sniffers. Without encryption, all the data is lying out in the open, begging to be sniffed.

    A VPN, or virtual private network, encrypts all your online traffic. When you connect to the internet through a VPN, all your traffic passes through a securely encrypted tunnel, protected on all sides from eavesdroppers. Avast SecureLine VPN uses bank-grade encryption to keep your data safe even on unsecured public Wi-Fi networks. VPNs can do a lot of other things for you too, such as allowing you to access geo-restricted content. But from a security standpoint, a VPN’s encryption capabilities are its most valuable attribute.

    Don’t visit unencrypted websites

    Take a quick look at the URL of this website. See how it begins with “HTTPS”? Your browser might even be showing you a little padlock icon next to the URL. When you see HTTPS, the S stands for “secure.” Websites using HTTPS are encrypted, and your activity on those websites is protected while you’re there. That padlock icon is just one of many indicators you can use to determine whether or not a website is safe.

    Conversely, websites with HTTP instead of HTTPS don’t have the same degree of security. When you visit these sites, there’s no guarantee that somebody won’t be watching. If you have to head to a site without HTTPS protection, never enter any personal details, not even a login. 

    It’s important to note that HTTPS encryption only protects you at that specific website. For comprehensive online data encryption, use a VPN.

    Stay off public Wi-Fi

    Free Wi-Fi is a tempting offer, especially given how expensive some mobile data plans can be. But if you aren’t protecting yourself behind a VPN, resist the urge to hop onto an unprotected Wi-Fi network. Anyone else connected to that hotspot can help themselves to your data. Think about how many people connect in an airport, in a mall, or even at a cafe. When you use unsecured public Wi-Fi, you’re gambling your personal data on the chance that no one is sniffing at that time.

    Don’t use unencrypted messaging apps

    Just like unsecured Wi-Fi, unencrypted messages are easy bait for sniffers. Choose to chat with your friends and family via an app that encrypts messages for end-to-end protection. WhatsApp, Viber, LINE, and Telegram are several of the most well-known options. Chances are that you and your contacts are already using one of those.

    How can I find a sniffer on my network?

    After all this talk about sniffers and how crafty they can be, you’re probably eager to learn about countermeasures. As is with many things in life — checkups at the doctor, regular exercise, healthy eating — the best defense against sniffing is prevention. Using strong antivirus software along with VPN encryption will immunize you against the vast majority of sniffing attacks out there.

    As we’ve mentioned above, identifying the presence of a passive sniffer is not an easy task. Passive sniffers on Wi-Fi are essentially invisible, and so your best defense against those is encryption. If you’re on a switched network, you’ll be dealing with active sniffing, which does leave ripples in its wake. Network admins are trained to look for those signals, and they’ll know how to respond accordingly.

    Can I detect a sniffer on my own computer?

    It’s not always possible to detect a sniffer directly. However, if you suspect that you’re hosting a sniffer, you can look for the following signs:

    • Unexplained processes: Many sniffers run on a computer’s user level, meaning that the computer’s user accounts (like you) will be able to see them working.

    • Sudden reduction in storage: Some sniffers can hide themselves with a rootkit. But even these super-stealthy sniffers need to put their data somewhere. An unexplained loss in storage space can indicate a sniffer on your machine.

    Antivirus + encryption = sniffer prevention

    When it comes to sniffers, antivirus security software fills multiple roles at once. Avast Free Antivirus scans your network to alert you of any security risks. It will also block and detect the malware that hackers use to get their sniffers onto your computer. Pair your antivirus software with a top-tier data-encryption solution such as Avast SecureLine VPN, and you’ll be more than protected against sniffing attacks.

    Connect privately on your iPhone
    with Avast SecureLine VPN

    FREE TRIAL

    Connect privately on your Android
    with Avast SecureLine VPN

    FREE TRIAL