What is packet sniffing?

Packet sniffers intercept packets of data flowing across a computer network in order to view their contents. This act is called packet sniffing.

How it works

Web pages and emails are not sent through the internet as one document; rather, the sending side (your computer) breaks them down into many little data packets. These packets are then addressed to an IP address at the receiving end, which has to send back an acknowledgment of each packet it receives.

These packets are not transferred from the sender to the receiver through a single direct connection. Instead, as each packet traverses the internet en-route to its destination, it passes through a number of traffic control devices such as routers and switches. Each time a packet passes through one of these traffic control devices, it is susceptible to capture and analysis.

svg viewer

Who can sniff packets?

Anyone who has access to a router can perform packet collection and subsequent analysis. Since internet users generally have no idea how their traffic is being routed, it’s not really possible to know who may be observing that traffic.

How to prevent packet sniffing

One way to protect your network traffic from being sniffed is to encrypt it using a Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Encryption does not prevent packet sniffers from seeing source and destination information, but it does encrypt the data packet’s payload so that all the sniffer sees is encrypted content. Any attempt to modify or inject data into the packets will likely fail since messing with encrypted data causes errors that will be evident when the encrypted information is decrypted at the other end.

Free Resources

Copyright ©2024 Educative, Inc. All rights reserved