Sniffing attack in context ofnetwork security, corresponds totheft or interception of data by capturing thenetwork traffic using apacket sniffer (an application aimed at capturingnetwork packets). When data is transmitted across networks, if the data packets are not encrypted, the data within the network packet can be read using a sniffer.[1] Using a sniffer application, an attacker can analyze the network and gain information to eventually cause the network to crash or to become corrupted, or read the communications happening across the network.[2]
Sniffing attacks can be compared totapping of phone wires and intercepting the conversation. For this reason, it is also referred aswiretapping applied tocomputer networks. Using sniffing tools, attackers can sniff sensitive information from a network, includingemail (SMTP, POP, IMAP),web (HTTP),FTP (Telnet authentication, FTP Passwords, SMB, NFS) and many more types ofnetwork traffic. The packet sniffer usually sniffs the network data without making any modifications in the network's packets. Packet sniffers can just watch, display, and log the traffic, and this information can be accessed by the attacker.[3]
To prevent networks from sniffing attacks, organizations and individual users should keep away from applications that are using insecure protocols, likebasic HTTP authentication, File Transfer Protocol (FTP), andTelnet. Instead, secure protocols such asHTTPS,Secure File Transfer Protocol (SFTP), andSecure Shell (SSH) should be preferred. In case there is a necessity for using any insecure protocol in any application, all the data transmission should be encrypted. If required,VPN (Virtual Private Networks) can be used to provide secure access to users.[4]