Volume 5, Issue 12, December – 2020 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

Restraining Packet Sniffing & Security: A Brief Overview
Sourabh Saroha
HCL Australia Pty Ltd

Abstract:- Over the years, communication systems have grown steadily in size and complexity, and the number of users has grown alongside them. As a result, traffic congestion in communication networks has also risen rapidly. A packet sniffer is used because it is necessary to keep an eye on every node in the network. A packet sniffer is sometimes called a network monitor or network analyser. Many system administrators and network and security administrators use it for monitoring and troubleshooting network traffic. Packet sniffers are suitable for both local area networks and wireless networks. In this paper we describe the nuts and bolts of the packet sniffer, how it works in both local area networks and wireless networks, and the associated attacks and defences.

Keywords:- Protocols, Packet Sniffer, OSI Model, Credentials.

I. INTRODUCTION

Packet sniffing is a way of wiretapping each packet as it moves across the network; i.e., it is a procedure in which the network learns that the information is not from the same network but came from a different network. In simple terms, packet sniffing is the practice of gathering, collecting, and logging some or all packets that are transmitted across computer networks, regardless of how the packet is addressed. Packet sniffers can function as an administrative tool or serve malicious purposes. It depends on the user's intent. Network and security administrators use them for monitoring and validating network traffic. Packet sniffers are primarily alluring.

Recording the voice in a telephone conversation can be considered an attack; for this reason it is necessary to keep an eye on the network where the information is exchanged. With a detecting tool, we can protect important and secret data, which includes email traffic (SMTP, POP, IMAP traffic), web traffic (HTTP), and FTP traffic (Telnet authentication, FTP passwords, SMB, NFS). Encoded data packets are not changed during the process of sniffing. Packet sniffers are able to watch, display, and record the traffic. Packet sniffer programs are used to read packets at the network layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack.

Figure 1 shows a typical packet sniffer program running on Ethernet. The packet sniffer listens to the data that arrives on the wired or wireless network of any given environment. Packet sniffers can be used on any kind of network, whether a local area network, a wide area network or another. If a machine is in the path of two connected machines (X and Y) on a wide area network, the machine can listen to the traffic flowing from X to Y.

Fig 1. Packet Sniffer

The administrator resolves the problems detected in the network and ensures secure data transmission by means of the information gathered by packet sniffers. The security risk of sniffers lies in their ability to monitor all incoming and outgoing messages, including passwords, usernames or other sensitive material. Network protocols use network packets to transmit information between nodes of the communication channel. The majority of network protocols, like HTTP and FTP, which transfer information in plain text, are exposed to packet sniffing attacks. Since network packets carry confidential information, cyber criminals search packets for secret information and can manipulate packet data. So secure protocols, data encryption technology, network monitoring and network scans are used when transferring confidential material over networks. Data confidentiality ensures that no unauthorized entity can decipher the routing information on its way to a destination; integrity refers to the trustworthiness of data or resources, and it is usually expressed in terms of preventing improper or unauthorized change. Integrity includes data integrity (the content of the information) and source integrity.

IJISRT20DEC678 www.ijisrt.com 955


II. BACKGROUND AND LITERATURE REVIEW

A packet sniffer is a networked computer application that passively receives all data-link layer frames passing through a system's network device. It is also known as an Ethernet sniffer or network analyzer. The packet sniffer captures data that is addressed to other computers and stores it for further study. It can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the data gathered by the packet sniffer, an administrator is able to detect erroneous packets and use them to locate bottlenecks and ensure secure transfer of network traffic. The security risk of sniffers lies in their ability to capture all incoming and outgoing traffic, including passwords, usernames and other confidential material. In principle, since sniffers are passive by design, they are difficult to detect (Pallavi Asrodia, 2012).

Applications of packet sniffing program
• Sorting files during the system. Solving related challenges (in wired and wireless communication networks). Connectivity issues.
• Network performance review. It makes it possible to locate the bottlenecks in a network or identify the part of the network in which data was lost.
• Detecting network intruders. (Nimisha P, 2014)

III. SNIFFING METHODS

Three types of sniffing methods are used. These are:

A. IP Based Sniffing
The most frequently used technique of packet sniffing is Internet Protocol (IP) based sniffing. This method requires the network card to be set to promiscuous mode. Once the network card is in promiscuous mode, the host is able to sniff all packets. A key point of IP based sniffing is that it uses an IP based filter, and only the packets matching the IP address filter are captured. Normally the IP address filter is not set, so it can capture all the packets. This technique works only in non-switched networks [3].

B. MAC based Sniffing
The second way of sniffing data is MAC based sniffing [3]. It works in the same way as IP based sniffing; the only difference is the filter used. Here too the network card must be set to promiscuous mode. A MAC address filter is used in place of the IP address filter, and all packets matching the MAC addresses are sniffed [3].

C. ARP based Sniffing
An ARP based sniffer works differently from the other two [3]. In this method it is not necessary to put the network card in promiscuous mode. The reason is that the Address Resolution Protocol itself provides the information that the network card does. If there is any change in the environment of the network, this type gives better results.

IV. CASE STUDY

A. Troubleshooting Application Data Upload with Packet Sniffing
This case study concerns troubleshooting an application's network communications with packet sniffing. A business customer using an application front-end service over the internet reported that video data uploads through the application would suddenly fail and disconnect several times a day during peak business hours. This happened after entering the application's login credentials. The problem persisted despite replacing the internet connection and gateway. Network and security professionals checked login authentication and data upload conditions using a data-capture analysis support tool and found that the event would typically occur when a user entered credentials and the number of packets then rose dramatically, which occurred just after 10:00 AM. Hence, the possibility was considered that the non-transmission of RTCP packets from the VPN gateway was related in some way to the large number of network data packet upload failures.

B. Analysis of Case Study
The practical use of packet sniffing in a real-time scenario was described above. The problem in the network communication was solved by troubleshooting the network packets. Packet sniffer captures were used during the troubleshooting phase. While troubleshooting, packet sniffers were placed on the business customer's source machine and on the application's destination server. The TCP and RTCP packets were captured and the issue was identified. The packet sniffing technique made it possible to identify the problem in the video data file upload. The users were not using SSH based secured login, nor were they using HTTPS or a VPN to connect to the application server. There are other scenarios and more complex networks where packet sniffing can be used.

C. Open Systems Interconnection Model (OSI Model)
The OSI model is a conceptual approach that describes how data and information travel across the internet. The open systems model consists of seven layers that work with various protocols, rules and network policies. The model runs from the application layer at the top down to the physical layer. Protocols that work within the OSI model include the Hypertext Transfer Protocol and the File Transfer Protocol, and others such as the Address Resolution Protocol, depending upon the user's application. The OSI model was initially designed to provide device manufacturers with a set of design specifications for communication. The OSI model describes an architectural framework which logically partitions the functions needed to facilitate system-to-system communication.
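The IP-based and MAC-based filters of Section III, applied to frames decoded layer by layer (Ethernet, IPv4, TCP, payload), with the network card in normal and in promiscuous mode. This is an added example, not code from the paper; the hosts X, Y, Z, the monitor M and every address are constructed, and the frame list models a shared, non-switched segment on which each frame reaches the monitor's card.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode Ethernet II (layer 2), IPv4 (layer 3) and TCP (layer 4) headers."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "src_ip": None,
            "dst_ip": None, "sport": None, "dport": None, "payload": b""}
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return info                       # not IPv4: layer-2 fields only
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    info["src_ip"] = socket.inet_ntoa(ip[12:16])
    info["dst_ip"] = socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    if ip[9] != 6 or ihl < 20 or len(tcp) < 20:
        return info                       # not TCP, or truncated
    info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4      # TCP header length in bytes
    info["payload"] = tcp[data_offset:]   # application-layer bytes, e.g. HTTP
    return info

def capture(frames, nic_mac, promiscuous, ip_filter=None, mac_filter=None):
    """Decoded frames that a NIC with address nic_mac passes up to a capture tool."""
    kept = []
    for frame in frames:
        info = parse_frame(frame)
        # Normal mode: the NIC drops frames not addressed to it (or to broadcast).
        if not promiscuous and info["dst_mac"] not in (nic_mac, BROADCAST):
            continue
        if ip_filter and ip_filter not in (info["src_ip"], info["dst_ip"]):
            continue
        if mac_filter and mac_filter not in (info["src_mac"], info["dst_mac"]):
            continue
        kept.append(info)
    return kept

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Build a sample frame; checksums are left at 0 (the parser does not verify them)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

# Constructed hosts X, Y, Z and monitor M on one shared (non-switched) segment.
X, Y, Z, M = (f"02:00:00:00:00:{n:02x}" for n in (0x0a, 0x14, 0x1e, 0x99))
FRAMES = [
    build_frame(X, Y, "10.0.0.10", "10.0.0.20", 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(Y, X, "10.0.0.20", "10.0.0.10", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(Z, Y, "10.0.0.30", "10.0.0.20", 40001, 80, b"GET /a HTTP/1.1\r\n\r\n"),
    build_frame(Z, M, "10.0.0.30", "10.0.0.99", 40002, 22, b""),
]
if __name__ == "__main__":
    for args in ((False,), (True,), (True, "10.0.0.10"), (True, None, Z)):
        print(args, len(capture(FRAMES, M, *args)))
```

In normal mode the monitor sees only the frame addressed to it; in promiscuous mode with no filter it sees all four, which is why an unexpected promiscuous interface on a shared segment is worth alerting on.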

Fig 2: Basic model of the OSI model

The main functions of the OSI layers are as follows:

7. Application: Provides various services to the application and interacts with the user. Transfer protocols like HTTP and FTP function in this layer.
6. Presentation: Helps transform the information using various encoding and encryption methods. This layer is concerned with the syntax and semantics of the information transmitted.
5. Session: Handles problems that are not communication issues, in order to maintain the session.
4. Transport: Accepts data from the session layer and provides end-to-end communication control.
3. Network: Controls the operation of the subnet and provides routing, congestion control and accounting.
2. Data Link: Removes errors and also controls them. Mostly works with local area network protocols.
1. Physical: Helps in decrypting the data and connects to the data link layer.

V. PACKET SNIFFING WITH RESPECT TO NETWORKING PROTOCOLS

Network protocols function in several layers of the OSI model. Networking protocols are used for communication and for transferring data among the nodes of the network. Network protocols depend on network packets for transmitting information and credentials. Hence, network packets are significant targets of packet sniffing programs. Different networking protocols have different mechanisms for transferring information. Some application layer protocols, like HTTP, FTP and Telnet, transfer information and credentials in plain text. This makes these protocols vulnerable to packet sniffing attacks. An attacker can launch various attacks, like ARP spoofing, to capture credentials that are transferred in plain text. Both the confidentiality and the integrity of information are at stake, as the user can manipulate and alter the information. The presentation layer protocols, Secure Socket Layer and Transport Layer Security, convert information into encrypted text. The combination of protocols from the application layer and presentation layer, like HTTPS and SSH, transfers credentials as encrypted information, which makes them resistant to packet sniffing attacks. These networking protocols implement cryptographic algorithms to convert data into encrypted ciphertext, which prevents sniffing attacks. Some protocols are secure versions of their insecure counterparts, for example HTTPS over HTTP and SSH over Telnet. Finally, to maintain confidentiality, integrity and availability of information, encrypted and secure protocols that transfer information as encrypted text should always be used.

VI. WORKING OF HTTP PROTOCOL IN APPLICATION LAYER

The packet sniffer program is run at the application layer; for the practical demonstration we used the local host. Some of the programs are run in this section.

1) Step 1:
In this part a secret message is sent to the destination as a plain text message; the job of the packet sniffer is to observe all the data transmitted and received through the network. The user or sender can send data such as first name, password, IDs, tokens, etc.

Fig 3: Packet sniffer running in the background

2) Step 2:
Each packet travelling from the transmitter to the receiver is monitored by the sniffer that is running in the background.

Fig 4: Local host with the credentials

3) Step 3:
The packet sniffer program keeps a watch on the encoded data present in the wired or wireless network. When the program finds useful data, i.e. the e-mail ID or username in plain text, it immediately captures the information. The program also captures other credentials like cookies and session IDs.
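What Steps 1 to 3 expose, turned into an audit check a defender can run over captured payloads to find applications that still send credentials in plain text. This is an added example, not the paper's Python script; the field-name pattern, the two sample payloads and all values in them are constructed, and only field names are reported, never the captured values.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Field names the text lists as exposed: username, password, e-mail, token, session id.
SENSITIVE = re.compile(r"pass|pwd|token|user|e-?mail|sess", re.I)
METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ")

def classify(payload):
    """Label a TCP payload as cleartext HTTP, a TLS record, or unknown."""
    if payload.startswith(METHODS):
        return "http-cleartext"
    # TLS record header: content type 20-23, major version 3, then a 2-byte length.
    if len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3:
        return "tls"
    return "unknown"

def audit(payload):
    """Return sorted (location, field) pairs for secrets readable on the wire."""
    if classify(payload) != "http-cleartext":
        return []
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    found = set()
    for key, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if SENSITIVE.search(key):
            found.add(("query", key))
    # Basic auth is base64-encoded, not encrypted: anyone on the path can decode it.
    if headers.get("authorization", "").lower().startswith("basic "):
        found.add(("header", "authorization"))
    for pair in headers.get("cookie", "").split(";"):
        name = pair.partition("=")[0].strip()
        if name and SENSITIVE.search(name):
            found.add(("cookie", name))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            if SENSITIVE.search(key):
                found.add(("body", key))
    return sorted(found)

# Constructed samples: a login form posted over HTTP, and a TLS application-data
# record (type 23) of opaque bytes, which is how the same login looks over HTTPS.
HTTP_LOGIN = (b"POST /login?lang=en HTTP/1.1\r\nHost: localhost\r\n"
              b"Cookie: theme=dark; sessionid=constructed-value\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: 42\r\n\r\n"
              b"username=alice&password=example&remember=1")
TLS_RECORD = bytes([23, 3, 3, 0, 8]) + bytes(range(8))

if __name__ == "__main__":
    for name, sample in (("http", HTTP_LOGIN), ("https", TLS_RECORD)):
        print(name, classify(sample), audit(sample))
```

Any non-empty result marks a service that should be moved to HTTPS, SSH or a VPN tunnel, the measures the paper recommends.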

Figure 5: Capture of secret credentials by Python script

Prevention Against Packet Sniffing
There are various issues related to packet sniffing which must be prevented in order to avoid any loss of data. Ways to avoid the problems:
1) Only the primary channels should be used to transfer any kind of confidential data or information. We can also use encryption standards, which help keep the data in the user's domain from being corrupted.
2) Also, by using a virtual private network, the transmitted data can be secured between the source and the destination.

VII. CONCLUSION AND FUTURE WORK

For any layered model it is essential to protect the information that is transmitted in the network between the source and the destination. A network sniffer is very easy to use for legitimate communication, and it can also be used for malicious purposes. It may be used for network traffic flow, data handling, troubleshooting and educational purposes, and for the purposes of attack. Precautions should be taken so that protocols are not misused during implementation. Effective use of data encryption techniques, secured SSH login, HTTPS, and network tunnel connectivity using a virtual private network (VPN) are some of the ways of prevention from a security point of view. In the same way, instance working on the study proved that many envelop and encrypt of data. In this paper we have given a practical implementation of the packet sniffer as used in the network, along with protective measures. There are many ongoing projects working on this topic. As many are working on it, some areas where we can focus are decrypting encrypted data in the environment in which it is present, and IPv6 networks.

REFERENCES

[1]. Ethereal Packet Sniffing, Available: netsecurity.about.com/od/readbookreviews/gr/aapro52304.htm.
[2]. Miller, R. (2019). The OSI Model: An Overview. SANS Institute. Page(s): 5-12.
[3]. Pallavi Asrodia, H. (2012). Network Traffic Analysis Using Packet Sniffer. International Journal of Engineering Research and Applications.
[4]. Tom King, “Packet sniffing in a switched environment”, SANS Institute, GESC practical V1.4, option 1, Aug 4th 2002, updated June/July 2006.
[5]. Ryan Spangler, “Packet sniffing on layer 2 switched local area networks”.
[6]. Sconvery, “Hacking Layer 2: Fun with Ethernet Switches”, Blackhat, 2002, Available: http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf.
[7]. Rupam, Atul Verma, Dr, and Ankita Singh. "An Approach to Detect Packets Using Packet Sniffing." International Journal of Computer Science & Engineering Survey (2013): n. page. Web.
[8]. Nucci A & Papagianaaki, K (2009). Design, Measurement and Management of Large-Scale IP Networks.
[9]. Sanders, C., & Smith, J. (2014). Applied Network Security Monitoring.
[10]. Protocol Layers and the OSI Model [2018], Online. Available at https://docs.oracle.com/cd/E19455-01/806-0916/ipov-7/index.html. Accessed on [2019.04.28].
[11]. Credentials packet sniffing: https://iotsecuritynews.com/packet-sniffer-to-sniff-sensitive-credentials-only/
[12]. Packetwatch Research: http://www.packetwatch.net, Dec 2003.
[13]. Cristina L. Abad, Rafael I. Bonilla, “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), IEEE, June 2007.
[14]. H. AbdelallahElhadj, H. M. Khelalfa, H. M. Kortebi, “An Experimental Sniffer Detector: Sniffer Wall”, Sécurité des Communications sur Internet (SECI02), September 2002.
[15]. Daniel Susid, “An evaluation of network based sniffer detection; Sentinel”, School of Economics and Commercial Law, GÖTEBORG UNIVERSITY Department of Informatics, 2004.
[16]. Jorge Belenguer, Carlos T. Calafate, “A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments”, International Conference on Emerging Security Information, Systems and Technologies, IEEE, pp. 122-127, October 2007.
[17]. Ryan Spangler, “Packet Sniffer Detection with AntiSniff”, University of Wisconsin, Department of Computer and Network Administration, May 2003.
[18]. Raed Alomoudi, Long Trinh, Darleen Spivey, “Protecting Vulnerabilities or Online Intrusion: The Efficacy of Packet Sniffing in the Workplace”, Florida Atlantic University ISM 4320, 2004.
[19]. Dick Hazeleger, “Packet Sniffing: A Crash Course”, Netherlands, 2001.
[20]. Chris Senders, Practical Packet Analysis, using Wireshark to solve real-world network problems, No Starch Press Inc, San Francisco, 2007.

[21]. Sabeel Ansari, Rajeev S.G., Chandrashekar H.S, “Packet Sniffing: A Brief Introduction”, VOL. 21, pp. 17-19, IEEE, December 2002.
[22]. A. Meehan, G. Manes, L. Davis, J. Hale, S. Shenoi, “Packet Sniffing for Automated Chat Room Monitoring and Evidence Preservation”, Proceedings of the Second annual IEEE Systems, Man and Cybernetics Information Assurance Workshop, New York, pp. 285-288, June 2001.
[23]. Greg Barnett, Daniel Lopez, Shana Sult, Michael Vanderford, “Packet Sniffing: Network Wiretapping”, Group project, INFO 3229-001, 2002.
[24]. Ryan Spangler, “Packet Sniffing on Layer 2 Switched Local Area Networks”, Packetwatch Research, December 2003.
[25]. Thomas M. Chen, Lucia Hu, “Internet Performance Monitoring”, Proceedings of the IEEE, pp. 1592-1603, VOL. 90, NO. 9, September 2002.
