What is a sniffing attack?

What does a sniffing attack mean in cybersecurity?

Sniffing is when packets passing through a network are monitored, captured, and sometimes analyzed. It can be used for good and evil. For example, your system administrator might use sniffing to troubleshoot or analyze the network or to perform egress defense. On the other hand, hackers can use this technique to perform man-in-the-middle attacks that aim to steal your bank details, account credentials, or other personally identifiable data that could lead to identity theft.

You might have seen sniffing attacks in old spy movies, where the bad guy’s phone is wiretapped to collect sensitive information and prove their guilt. That’s a sniffer attack in its simplest form. In the cyber world, hackers use more sophisticated sniffing tools that can be apps, scripts, sniffing software, or hardware devices at the network or host level. With sniffing, any data you share over the internet that isn’t encrypted can be stolen. Here’s what hackers can sniff:

• Email traffic
• Web traffic
• FTP passwords
• Telnet passwords
• Router configuration
• Chat sessions
• DNS traffic

How does sniffing work?

To understand how sniffing works, we first need to understand how information travels over the internet. Any data sent online is divided into packets, which are sent from your device and then reassembled at their destination point. These data packets have to pass by many routers and switches before they reach their destination. Each of those points can be used for packet sniffing.

Types of sniffing attacks

Passive sniffing collects the passing data while the hacker lies dormant. This type of sniffing can be used on networks that are connected by hubs – devices that receive the traffic on one port and then retransmit it to other ports. Therefore, when a sniffer device is placed at the hub, the hacker can capture the traffic. Fortunately, hubs are gradually being replaced by switches. Therefore, hackers are now moving towards active sniffing attacks.

Active sniffing mostly focuses on flooding the switch content address memory (CAM) table, which redirects legitimate traffic to other ports. The hacker can then snoop on the traffic from the switch. Active sniffing attacks include spoofing attacks, DNS poisoning, DHCP attacks, MAC flooding, MAC spoofing, etc.

Sniffing attack example

Online store platforms have noticed a rise in JavaScript card sniffing attacks. In fact, Ticketmaster and Feedify have already fallen victims to such attacks. How do these sniffing attacks look in practice?

1. A hacker injects a piece of malicious code on a checkout page. They can create the code themselves or buy it from an underground hacking forum.
2. A user types in their credit card details on the checkout page. The script secretly “listens in” and sends this information straight to the hacker.
3. The hacker then uses the victim's card details to steal their money. Alternatively, they can sell this data on the dark web, which can then be used by other hackers or money launderers.

How to prevent sniffing attacks

1. Avoid public Wi-Fi. Public Wi-Fi is one of the favorite platforms for hackers to perform man-in-the-middle attacks. Many potential victims connect without understanding the potential dangers. If you need to use public Wi-Fi, use a VPN service that will encrypt your traffic and will protect you from such attacks.
2. Use encrypted messaging and email platforms. A VPN encrypts your internet traffic, but it doesn’t always solve all your problems – especially if your apps or messaging platforms aren’t end-to-end encrypted. Look for the ones that protect your privacy and security. You can check these comprehensive guides for encrypted email platforms and encrypted messaging apps.
3. Visit HTTPS websites. Pay attention to websites you visit. Look for whether they start with HTTPS or HTTP and whether they have a green padlock next to their URLs. HTTPS websites have so-called SSL/TLS certificates that verify the website's authenticity and that your traffic is encrypted.
4. Perform regular scans on your computer networks to identify any intruders. Network admins and your IT team can use several techniques to catch sniffers before they cause any harm. For example, they can monitor bandwidth or audit devices that are set to promiscuous mode.

Prevent sniffing attacks while using public Wi-Fi. Try NordVPN with a 30-day money-back guarantee.