Being private is not just a major concern for all of us. It's actually a basic right for any individual. However, your information and traffic logs can be obtained, gathered, monitored and in the worst-case - leaked or exploited for criminal gains. One of the ways or rather things that contribute to this risk is something called a network sniffer, a sniffer app, or a packet analyzer as it is officially known. In this article, we'll talk a bit more about network sniffers and what kind of threats they possess and how to improve your privacy online.
Network packet sniffers explained
A sniffer is a type of software or hardware that can intercept and log traffic passing over a network. Sniffers are often used by attackers to steal sensitive information like passwords and credit card numbers. Yet, they are more commonly used by network service providers and other big businesses in order to optimize their API and other network-delivered services in order to minimize downtime and improve security. With that being said, both hardware and software-based network sniffers usually record information in a human-readable format and compromise your privacy.
If someone were to decide to monitor what you do online, they can tap into your network by accessing your router, computer, or other device via hardware or software. They can remotely gather data. It's hard to sometimes understand what's more useful for the entities and individuals that run sniffers themselves. Yes, they can analyze traffic and identify causes for slowdowns, etc. Yet, the risk is just mostly not worth it.
Here's an explanation on how it works:
As you can see, network packet sniffers are like a double-edged sword. For you, directly, they have very little benefit. They only benefit a service provider and they can run a sniffer program without your knowledge. So, we can best advise you to be aware of this and protect yourself by doing certain things differently and just being aware of the possible threats and risks involved. That's the best solution out there.
How to know whether a network sniffer is running?
If you're worried that your information or data might be sniffed, there are a few ways to know for sure. A great article on this is written by Douglas Schweitzer over on Computer World (
click here to read it). We'll give a short rundown to help you understand how this works and how you can tackle it.
Basically, if you want to know if there's sniffing happening on your network, all you have to do is look for signs of sniffing software. Hardware for sniffing is much less common and can usually be found in company-owned or government-owned devices that are made bespoke or with a special order. Your off-the-shelf computer, tablet or phone is highly unlikely to house such hardware.
Getting back to sniffer apps, they usually run in the background. If these are installed on your system without you knowing, then it is highly likely that someone has access to your device remotely. The best way you can find sniffing software is by checking the process list on your devices.
For Windows, you can do this by hitting CTRL+ALT+DEL and then going into the Task Manager. In the Processes tab, you will be able to see all the active processes on your computer. Even though detection can be tricky, it's possible and can be done. Doing so on your phone, however, or a tablet can be much more challenging. Windows users can also rely on freeware apps that detect PROMISCUOUS ACTIVITY. This is the key term used to describe the mode of work that probably all sniffers use. If you find something there, try to disable it, delete it, or contact an IT specialist to help you out. There are lots of different software, so there's actually no single one-fits-all type of solution here. You just have to react to the cards that you've been dealt, so to speak and handle each case individually.
Ways to protect yourself from network sniffers
When you weigh both sides of network sniffing, there's almost always going to be more things going for disabling or protecting yourselves from it, rather than allowing someone to register and log all of your traffic. So, here are some tips to protect your traffic and thoughts from network packet sniffers.
Use a VPN
A VPN encrypts your traffic so that even if a sniffer were to record your data, it would be unreadable. This is perhaps the simplest and most effective way of protecting your data from sniffers that is accessible to almost anyone. It's great, but it is far from perfect. When you use a VPN, you don't automatically become invisible on the internet and your browsing isn't 100% secure & private. It helps to unlock the first basic layer of security, but it is definitely not enough.
To better explain, here's a chart of how it works.
The VPN client encrypts the data being transmitted to your ISP (internet service provider) in order to hide your identity. Without a VPN, your service provider can gather open and unencrypted data about your browsing. When you enable a VPN, they can only obtain cryptic info which is almost or 100% impossible to translate into a readable format. Still, the readable and unencrypted info is collected by the VPN service provider, so it's actually just less risky, but not bulletproof. Read more about VPN on our blog - click here.
Only trust HTTPS websites
Hypertext Transfer Protocol Secure (HTTPS) is a security protocol that encrypts your data before it's transmitted from your device to the server. This is why you see a little lock icon next to the website's URL in your browser.
If you're only visiting HTTPS websites, then it's much more difficult for someone sniffing the traffic on your network to read the data being transmitted because it will be encrypted. If it's not a HTTPS website, a sophisticated sniffing tool can read what you input on the site, e.g. payment info, passwords, usernames, personal data, etc. That's not good...
Use a secure DNS service
Domain Name System (DNS) is what translates human-readable domain names (like kraden.com) into IP addresses that computers can understand. Your ISP controls the DNS server that you use by default, but you can change it to a different, more secure server. Even though your service provider can claim to have great service and security, they still would like you to use only their DNS service as it allows them to better optimize their services and gather more insights, have more control and leverage, essentially. If people know they can switch to an alternative that suits them better, it becomes harder to find more ways to make money.
A sniffer can see which websites you're visiting based on their IP addresses, but not necessarily the specific pages within those websites. But if the sniffer is located between you and the DNS server, they can see every website you visit because unencrypted DNS queries are sent in plain text. You can prevent this by using a secure DNS service that encrypts your DNS queries so that they're not readable by anyone sniffing the traffic on your network.
Use two-factor authentication (2FA)
Two-factor authentication is an additional layer of security that requires you to input a code that is sent to your phone in order to log into your account. Okay, this isn't necessarily internet settings-related, but it's still very important and relevant. Enabling MFA/2FA makes it much harder for someone to gain access to your account, even if they have your credentials because they would also need to have your phone.
If criminals are using a sniffer which is running on your device, they can easily see your password being transmitted in plain text when you try to log into a website. Remember those keylogger apps which were notorious back in the mid-2000s and early 2010s? People were installing sneaky software which was used to log key inputs in order to steal game accounts (most notably - Runescape or World of Warcraft), but later on serious criminals used it to hack bank and e-wallet logins. Sniffers are used by criminals for just the same gains, but they work in a much more sophisticated manner. On the other hand, ISPs use it to monitor and log data.
So, if you see a login screen, always check if the website has MFA/2FA enabled.
Don't open files that aren't virus-scanned or sent by someone you don't know
This one is pretty self-explanatory, but it's still the most prevalent form of attack that hackers use to attack your device and install sniffing malware on it. If you receive a file from someone you don't know or that looks even remotely suspicious, scan it with a reliable antivirus program before opening it. The same goes for files sent by people you do know, but that looks out of place. Facebook, Twitter, Instagram even, all of these sites can have weaknesses, and opening links or downloading suspicious files can result in harm both short and long-term.
In essence, reducing your digital footprint can help you better protect yourself from sniffers and similar threats. What's a digital footprint you ask? We wrote an extensive blog post on why this term is important and how to better protect yourself online (
click here to read it)!
Use E2E (End-to-end encrypted) messengers
If you use an E2E messenger such as Kraden, your messages are encrypted on your device and can only be decrypted by the person you're messaging. You don't need to worry about this as the app handles encryption and decryption. Once sent, the contents are encrypted in such a difficult and high-end cipher, that even if someone were to sniff your network traffic, they wouldn't be able to read your messages. Not in millions of years at least (yes, it would take tens of millions of years to decrypt).
Here's how end-to-end encrypted comms protect your traffic.
Social engineering & network sniffers - a dangerous combo
Nowadays, sniffers are mostly implemented with the help of social engineering.
One particular scam was getting the trust of an IT administrator's assistant in a large manufacturer in California. The scammer got into the administrator's assistant's account, sent a fictional letter to a superior who opened the attachment, and malware was installed to sniff out web and intranet traffic. It took the company weeks to notice (until the next hardware and IT status review) and by then, the hacker had obtained lots of sensitive info about the company and sold blueprints and other confidential secrets to manufacturers, analyzed profit margins, and was able to profit and hurt the company in more ways than one. He or she was never caught.
The main risk isn't that someone is going to force their way into your system or device like what you see from hackers in Hollywood. The biggest issue is not to open the doors for them yourself. Always take things with a grain of salt, if you aren't 100% sure about the attachments in the email or haven't double-checked the authenticity of the information with the sender(s).
Conclusion
Network sniffers are nothing new, but they're still a potent threat in the digital age. They can be used to obtain login credentials, steal sensitive information, or even infect devices with malware. Even though network service providers may use them for harmless purposes (e.g. to improve service, reduce downtime, etc.), it's usually still in your best interest to not give them the power to log your traffic. By reducing your digital footprint and using apps like E2E messengers, you can better protect yourself from sniffers and other online threats. Stay safe out there!