I know, I usually talk in layman’s terms when it comes to dealing with network topics. I won’t make an exception on this article. So let’s keep the jargon to the minimum, and, instead, take actual case studies that will help you understand this packet sniffing thing better.
Where the packet sniffing thing comes up?
Let’s suppose that you are a Windows user (you can choose any other operating system – the following usually stands true). Most of the times, you have a workstation/computer that automatically mounts all your local hard disks. But for the purpose of easing things to the user, your computer also setup some mechanisms to make it easier to the user to connect to some network resources.
So, if we go back to the Windows user, it’s more than likely that this computer has a mechanism that allows easy connecting to network shares. This is very practical if you are working on your company’s network, or if you have a home network. What it actually does is the following: once you’ve connected to those network resources, your computer tries to cache the credentials for accessing them, then from time to time, those cached credentials are checked again so as to verify if you are allowed to access the resources.
Now, let’s say that, for once, you are not working from home, nor from your company’s network. Let’s say that you are travelling and for once, you went to a public cybercafe for checking your mails via a wi-fi network (or even an Ethernet/cable network). You know, we often think that we’re only going to check our e-mail and that it doesn’t come up with serious security issues. Well, think again. This is where the packet sniffing thing comes up.
The man in the middle …
Let’s say that I’m the bad guy in the cybercafe that is using that packet sniffing software on my routers. My intent are clear: I want to “listen” to all the packets that are going on my network so as to “collect” some credentials (username and passwords for example) that I can eventually use later on.
So I give you the credentials for using my WI-FI connection, then your computer got automatically setup for accessing the internet. Now you’re set to check your e-mails. But the thing is, your computer is doing more than checking your e-mails.
From time to time, your computer will try to reestablish the network connections that are already configured on your computer: remember the ones that you ad at home or at your office. It will then broadcast some data for checking it and chances are that it will provide the credentials over the network.
Depending on your configurations, chances are that those credentials would be resent over the network – my Wi-Fi network: by using a packet sniffing on my network, I can collect all your network packet, the reconstitute them so that I can “read” what you’ve done, and eventually have copies of the credentials that your computer have issued.
My two cents: use HTTPS sites
The same applies if you aren’t using HTTPS for reading your e-mail. HTTPS encrypts your web connection. If, for some reasons, you still access your e-mail through HTTP, then don’t be surprised if I’d be smiling a lot on my corner since I would clearly see your username and password while you type them by using a packet sniffing software.