Packet sniffer

To illustrate how a packet sniffer works, first one must understand how a network hub (as used in this example) works.

When network traffic is sent from upstream to a host attached to the hub, the hub re-transmits this data to all hosts on the hub. By default, the NIC in a computer is not set to promiscuous mode, in other words, unless the traffic is addressed to (a) broadcast or (b) specifically its address, it ignores it.

At this point, the packet sniffer can operate in one of two modes, it can sniff only the traffic addressed to it, or it can enter promiscuous mode and sniff all traffic recieved.

Since the most common use of packet sniffers is on college networks, the obvious choice is to tell your packet sniffer of choice to enable promiscuous mode. At this point, you are now recieving a massive list of all network traffic generated by everyone on your hub.

At most dorms, this is a good 10+ people on a single network hub, which enables the person running the sniffer to gather POP and IMAP passwords (generally unencrypted), as well as monitor AIM/IRC conversations, keep track of what websites everyone browses, etc.

And the packet sniffer is nice enough to sort by which IP address each packet comes from, and filter based on protocol.

This only covers the negative aspects of packet sniffers, however, and they have many legitimate reasons such as testing to see if a NIC is functioning properly, to ensure that workers in an office aren't cruising porn sites on company time, etc.

To guard against packet sniffing on your network use switches and routers instead of hubs - switches only forward packets to the ethernet address it's addressed to, so it can't be sniffed by a third-party. An entry level switch is only slightly more expensive than a hub, and will give a slight performance increase as well

If you're stuck with a poorly designed/cheaply implemented network, (as you might find in university halls of residence, the greatest risk is from packet sniffing by people on your local segment- they know the most about you, and can use sniffed information to their advantage most readily¹. Your best defense against this kind of thing is to use strong encryption for everything you do:

Encrypt your email: Modern email programs can use SSL/TLS when communicating with the server, preventing a sniffed session from yielding any passwords or emails. To protect against packet sniffing further down the line, interception by rogue admins, police, the FBI, aliens, etc. , the actual message has to be encrypted. Programs like PGP and GPG make this process user-friendly.

Safety when web browsing: Don't use any passwords that you use anywhere else to access a website, and think carefully before submitting personal information². Most browser/server combinations send passwords and data completely unencrypted, unless they're using SLL (recognisable by a padlock icon, and https:// in the location bar)

SSH: SSH is your friend. If you have a shell account that allows SSH port forwarding, use it instead of a direct connection for any servers you use regularly, for example the web proxy³, NNTP(newsgroups), email, and FTP (If you must use it).⁴ Finally, to transfer files from your shell account to your desktop, use SZ/RZ over SSH instead of FTP.

Unsafe applications: Don't use protocols that pass plain-text passwords. These include, but are not limited to, FTP, telnet, SMTP, POP3, windows SMB filesharing protocol, unix NFS filesharing protocol, and just about any others that were designed in the eighties. If you absolutely have to use these, do it over an SSH port forward, or use a version that incorperates TLS.

1 - Not to mention that everyone's data goes through the main switch or internet gateway, so if the admins wanted to sniff you, there's not a lot you could do about it.

2 - Even if the session isn't sniffed, how do you know the webmaster can be trusted?

3 - On most networks, outgoing web traffic is transparently redirected through their web proxy anyway, so talking to it directly over an encrypted link gives security at no loss of speed.

4 - In theory, at least, the admins are probably more trustworthy and professional than your roommate is...