The meaning of WiFi Sniffer. This is a unique packet sniffer or network analyzer, specifically designed to function with the wireless networks. To successfully carry out Wi-Fi sniffing, it involves the use of specific software application or piece of electronic equipment. Packet Peeper is a network protocol analyzer (or 'packet sniffer') for Mac OS X. Its features include TCP stream reassembly, privilege separation, simultaneous capture sessions, filters, Python plugins and support for pcap capture files.
Networks increase the utility of computers by making them accessible to anyone no matter where they are located. They also introduce increased complexity to computer systems while posing potential security risks that were not a concern with standalone machines. Specialized tools such as network sniffers are required by network administrators to understand and optimize their networks. The same network sniffer tools can be used to subvert or enhance network security, as we shall soon see.
What is a Network Sniffer?
A network sniffer is a software tool or piece of hardware which is used to monitor network traffic. You may be familiar with the tool under one of its other names such as packet analyzer, network analyzer, or protocol analyzer. Hardware implementations of a packet analyzer are mostly employed by network administrators or security professionals operating with large networks.
Types of Network Sniffer. There are many types of network sniffers mentioned below: Mac sniffers: It is used to sniff the data that is relevant to the MAC address filter. IP sniffers: It sniffs all the data that is relevant to a specific IP filter. It captures the specific data packet for analysis and diagnosis.
There are many software network sniffing tools available that make it possible for anyone to monitor network traffic. The same tool can be used for constructive or malicious purposes depending on who is operating the application. Network admins and hackers both have the same tools but with very different intentions. Wireless network sniffers are used to monitor and potentially gain entry into WiFi networks which are becoming more prevalent every day.
How Does a Network Sniffer Work?
A network sniffer takes advantage of the method in which data is transmitted across a network. Networks send data in distinct packets in order to maintain data integrity and avoid network congestion. When files or emails are sent they are broken into smaller packets before being sent to their destination. Information included with each transmission includes:
- The destination address
- Number of packets being transmitted
- Reassembly order of the packets
- The Source address
When the data arrives at its destination, the message’s headers and footers are stripped off and the data is reconstructed. Networks and computers discard all messages that are not intended for them via a network filter.
A network packet sniffer operates by intercepting and logging the network traffic. The software analyzes the traffic and converts it to a user-friendly format. Depending on who is using the packet analyzer, the information provided by the tool can be used in a variety of ways.
Network sniffers can be operated in two modes.
- Passive sniffing — This involves simply listening to and capturing traffic. This type of sniffing is not detectable.
- Active sniffing — An Address Resolution Protocol (ARP) spoofing or traffic-flooding attack is launched against a switch in order to capture traffic. This is detectable by network intrusion tools.
How is a Network Sniffer Used?
A network sniffer tool can be used by network administrators to test and improve the functionality of their network. Some specific areas where a network sniffer is used for constructive purposes are:
- Troubleshooting network issues such as bottlenecks.
- Compiling statistics on a network such as available bandwidth.
- Testing firewall implementations.
- Securing a network by analyzing packet traffic in an attempt to detect unauthorized access to the network.
Unfortunately, the same tools that can assist a network admin to understand and protect their network can be used by individuals with malicious intentions. Some of the nefarious uses of a protocol analyzer are:
- Using a network sniffer in promiscuous mode enables intruders to examine any packet traveling across the network regardless of its destination.
- Intercepting packets of unencrypted data allows hackers to compromise passwords and gain unauthorized access to your network or applications.
- WiFi sniffers can be used by hackers who set up fake hotspots and monitor the traffic in the hopes of finding unencrypted data that they can use for profit.
- Inclusion in malware as in the VPNFilter malware attack.
As with many inventions, the way in which packet analyzers are used is solely determined by the person or entity using the tool. Governments, businesses, and advertisers also make use of network sniffing software to monitor the online activities of citizens and to find ways to inject ads that target specific individuals or groups.
Some Excellent Network Sniffers
There are many network sniffer tools available that can be run on the computing platform of your choice. Let’s take a look at some of them.
KisMac2
KisMac2 is a free network sniffer tool which is designed to run on the macOS platform. The open-source tool is meant to be used with WiFi networks and can perform a wide variety of WiFi monitoring and sniffing tasks.
It supports all of the Apple internal AirPort Extreme hardware as well as some third-party USB network cards. You need to be running macOS 10.9 or later to use this tool. Some of its features include:
- User-friendly GUI
- Ability to reveal hidden or cloaked SSIDs
- Mapping and GPS support
- Kismet drone support
- Obtain maps of network coverage
KisMac2 is a great choice in a free network sniffer for the Mac.
Wireshark
This free and open-source network analyzer has versions which can be run on Windows, macOS, and Linux machines.
It is one of the most popular network sniffing applications available and comes packed with features such as:
- Live packet capture and offline analysis
- Powerful display filters
- The ability to read and write numerous capture file formats
- Decryption support for many protocols such as WEP and WPA/WPA2
- Export output in a variety of formats
You can’t go wrong with this widely-used network tool.
EtherApe
Unix and Linux users can use this tool to monitor their network packets. It is a freeware tool that presents you with a graphical representation of your network. Lines expand and contract in the display based on current traffic and different colors are used to represent varying protocols on the network.
It is a popular choice among experienced network administrators.
WinDump
WinDump is a Windows port of the popular command line tool tcpdump. It is freeware that requires the prior installation of the Winpcap library. Once the library is installed, you simply run the tool as an executable file.
It performs all of the basic network sniffing tasks that you would expect and can be used with filters to limit data capture.
SolarWinds Network Performance Monitor
Here is a professional-grade network performance monitor that entails a substantial financial investment to deploy. It is obviously meant for use in professional settings where maintaining network performance is critical. One of its specialties is gathering information from network-attached equipment and this facility can help you track down the origin of unauthorized access to your system.
Pricing is based on the number of devices that will be monitored.
* * *
Network sniffing software should be a mandatory part of every network administrator’s toolbox. Use of this type of software can help you maintain a secure network and troubleshoot any issues that may arise. If you don’t already have a network sniffer, we suggest you download one today.
Related articles:
Download Wireshark
The current stable release of Wireshark is 3.2.7. It supersedes all previous releases. You can also download the latest development release (3.3.1) and documentation.
- Windows Installer (64-bit)
- Windows Installer (32-bit)
- Windows PortableApps® (32-bit)
- macOS Intel 64-bit .dmg
- Source Code
- Windows Installer (64-bit)
- Windows Installer (32-bit)
- Windows PortableApps® (32-bit)
- macOS Intel 64-bit .dmg
- Source Code
- Windows Installer (64-bit)
- Windows Installer (32-bit)
- Windows PortableApps® (32-bit)
- macOS Intel 64-bit .dmg
- Source Code
Older Releases
All present and past releases can be found in our download area.
Installation Notes
For a complete list of system requirements and supported platforms, please consult the User's Guide.
Information about each release can be found in the release notes.
Each Windows package comes with the latest stable release of Npcap, which is required for live packet capture. If needed you can download separately from the Npcap web site.
You can also capture packets using WinPcap, although it is no longer maintained or supported.
Live on the Bleeding Edge
You can download source code packages and Windows installers which are automatically created each time code is checked into the source code repository. These packages are available in the automated build section of our download area.
Go Spelunking
You can explore the download areas of the main site and mirrors below. Past releases can be found by browsing the all-versions directories under each platform directory.
Stay Current
You can stay informed about new Wireshark releases by subscribing to the wireshark-announce mailing list. We also provide a PAD file to make automated checking easier.
Verify Downloads
File hashes for the 3.2.7 release can be found in the signatures file. It is signed with key id 0xE6FEAEEA. Prior to April 2016 downloads were signed with key id 0x21F2949A.
Stay Legal
Wireshark is subject to U.S. export regulations. Take heed. Consult a lawyer if you have any questions.
Sniffing Network Traffic
I have a lot of traffic...
ANSWER: SteelCentral™ AppResponse 11
- • Full stack analysis – from packets to pages
- • Rich performance metrics & pre-defined insights for fast problem identification/resolution
- • Modular, flexible solution for deeply-analyzing network & application performance
Network Sniffing For Macbook
Learn MoreNetwork Sniffing For Mac Os
Wireshark packages are available for most platforms, including the ones listed below.
Network Sniffing Tools
Vendor / Platform | Sources |
---|---|
Alpine / Alpine Linux | Standard package |
Apple / macOS | Homebrew(Formula) MacPorts Fink |
Arch Linux / Arch Linux | Standard package |
Canonical / Ubuntu | Standard package Latest stable PPA |
Debian / Debian GNU/Linux | Standard package |
The FreeBSD Project / FreeBSD | Standard package |
Gentoo Foundation / Gentoo Linux | Standard package |
HP / HP-UX | Porting And Archive Centre for HP-UX |
NetBSD Foundation / NetBSD | Standard package |
Novell / openSUSE, SUSE Linux | Standard package |
Offensive Security / Kali Linux | Standard package |
PCLinuxOS / PCLinuxOS | Standard package |
Red Hat / Fedora | Standard package |
Red Hat / Red Hat Enterprise Linux | Standard package |
Slackware Linux / Slackware | SlackBuilds.org |
Oracle / Solaris 11 | Standard package |
* / * | The Written Word |