What Is Packet Sniffing? (And How to Protect Yourself)

Protect your information from cybercriminals by understanding what packet sniffing is and the steps you can take to prevent this type of data theft.

Using the internet is a little bit like playing a game of catch where your data is the ball: You’ve got the ball in your hand. Once you throw it, it travels through the air. The person who catches it throws it back to you.

Every time you send a message across the internet, you’re doing something similar. Your computer throws the data across a network. The website “catches” it. Then, it sends back the data you want.

However, because messages are long data strings, they’re usually broken up into smaller chunks of data called packets so they can travel faster across the internet. By understanding what packets are and what packet sniffing is, you can protect yourself from cybercriminals trying to catch your data.


What is packet sniffing?

Packet sniffing occurs when someone monitors, gathers, or collects packets, the tiny data units you send from a device when you connect to the internet. This can be done with a packet analyzer, a type of software or hardware that intercepts network traffic and examines the data packets. But packet analysis isn't always a bad thing.

Packet sniffing can be used for network security or to maintain network speed and performance. For example, a company might use packet sniffing tools for various network monitoring tasks such as:

  • Review network or data usage
  • Identify network problems
  • Make sure the network activity is normal

In other cases, advertisers use packet data to gather information so they can target ads that would interest you by looking at:

  • Websites you visited
  • Search history
  • Downloads

However, as with any technology, cybercriminals can use packet sniffing to steal personally identifiable information (PII). For example, they could analyze packet data to collect sensitive information you transmit, similar to how wiretapping can capture specific data transmitted over phone lines. This sensitive information might include:

  • Usernames
  • Passwords
  • Credit card information

Most networks include two specific devices that attackers use during an attack:

  • Switch: The network switch is a software-equipped piece of hardware that connects devices and controls how data flows, which ensures packets get to the intended destination.
  • Hub: A piece of hardware that connects devices, usually to a local area network (LAN), with an Ethernet cord, which ensures packets get to the intended destination.

What is a packet?

A network packet is a small unit of data containing the information that devices need to communicate. By breaking messages down into smaller pieces, the data travels faster. Once the packets all reach their destination, the network puts them back together so they make sense.

You can think about packets like a puzzle. It's easier to store and move the puzzle around when it’s just pieces in a box, but you need to fit them all together the right way to get the complete picture.

Active sniffing

Active sniffing targets the switch. The sniffer sends fake data packets to the switch that interrupt the data flows and redirect the original traffic so the sniffer can capture the original packets.

Passive sniffing

Passive sniffing targets the hub. The sniffer connects to the network at the hub, then monitors traffic without sending any data to the network.

What is a packet sniffing attack?

With a packet sniffing cyber attack, criminals use packet sniffers to steal unencrypted sensitive data. When you send data across an insecure network, malicious actors can use sniffing tools to intercept the packets and capture the data.

Getting a bit into the technical weeds, cybercriminals can use the following packet sniffing attack techniques:

  • Transmission Control Protocol (TCP) hijacking: TCP is the digital rule that computers, networks, and applications use to exchange data. With TCP hijacking, cybercriminals trick the network into thinking they’re the legitimate user, then collect network data.
  • Domain Name System (DNS) poisoning: DNS is the technical standard used to translate websites from numbers, called IP addresses, into words. With DNS poisoning, also called DNS spoofing, cybercriminals make a fake website with a different IP address than the real one.
  • Address resolution protocol (ARP) sniffing: ARP is the technical standard that maps a device to a location on the network. With ARP sniffing, also called ARP spoofing or ARP poison routing, cybercriminals fake both the device and network location information to redirect the traffic and data.
  • Dynamic Host Configuration Protocol (DHCP) starvation: DHCP servers tell a device where it can connect to a network. With DHCP starvation, cybercriminals overwhelm the server with fake packets so it redirects devices to different locations, usually ones the malicious actor owns.
  • JavaScript sniffing: JavaScript is a coding language used on websites that allows you to input information. With JavaScript sniffing, cybercriminals add code to a website so the website sends them the information instead of sending it to the real website owner.
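
To show what the ARP item looks like from the defender's side, here is an added example (not part of the original article) that reads a log of observed ARP replies and flags the two signs of ARP spoofing together: an IP address whose device address (MAC) suddenly changes, and a single MAC answering for several IP addresses. The IP addresses, MAC addresses, and sample log are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender_ip, sender_mac) taken from ARP replies
# on a home network. 192.168.1.1 is assumed to be the router.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (30.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (31.0, "192.168.1.1", "DE:AD:BE:EF:00:66"),   # router IP now claimed by a new MAC
    (31.5, "192.168.1.20", "de:ad:be:ef:00:66"),  # same MAC also claims the laptop's IP
    (33.0, "192.168.1.1", "de:ad:be:ef:00:66"),
]


def detect_arp_spoofing(replies):
    """Return (changes, suspects) for a list of observed ARP replies.

    changes  -- list of (time, ip, old_mac, new_mac) each time an IP's MAC changed
    suspects -- sorted MACs that took over an existing IP AND answer for 2+ IPs
    """
    current = {}                    # ip -> MAC most recently seen for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    changes = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()           # MACs are case-insensitive
        ips_by_mac[mac].add(ip)
        old = current.get(ip)
        if old is not None and old != mac:
            changes.append((ts, ip, old, mac))
        current[ip] = mac
    # A replaced device changes one binding; a phone with a new address holds
    # two IPs without displacing anyone. Only both signs together are flagged.
    takeover_macs = {new for _, _, _, new in changes}
    suspects = sorted(m for m in takeover_macs if len(ips_by_mac[m]) > 1)
    return changes, suspects


if __name__ == "__main__":
    changes, suspects = detect_arp_spoofing(SAMPLE_REPLIES)
    for ts, ip, old, new in changes:
        print(f"t={ts}: {ip} moved from {old} to {new}")
    print("MACs to investigate:", suspects)
```

A flagged MAC is a lead to investigate, not proof: some routers and failover setups legitimately answer for more than one address.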

3 types of sniffing attacks

Although cybercriminals use various techniques, the outcomes can be grouped into a few categories.

1. Packet sniffing attacks on Wi-Fi networks

This is the “don’t connect to the coffeehouse Wi-Fi” attack, or as security professionals call it, a man-in-the-middle (MitM) attack. Cybercriminals use a wireless network sniffer, which can be either hardware or software, to monitor your connection to an unencrypted, public Wi-Fi network. Their goal is to capture packets of data, such as credit card information or phone numbers.

2. Browser history packet sniffers

Your browser keeps a record of the websites you visit so it can autocomplete a web address when you return to a site. For example, when you do a search and click on a result, the link changes color because your browser “remembers” your visit.

Cybercriminals manipulate the code that tracks your history to trick the browser into sending data to both the real website and their fake website.

3. Password sniffing

Cybercriminals can steal passwords through two sniffing tactics:

  1. Using a MitM attack on an unencrypted public Wi-Fi.
  2. Using a JavaScript sniffer.

Websites use JavaScript for forms such as login pages. Cybercriminals use JavaScript sniffers to change the website’s form so they can steal your password.

How to protect yourself from packet sniffer attacks

In technology, as in life, knowledge is power. Although packet sniffing attacks sound complicated, you can take some easy steps to protect yourself and your information.

Use a VPN on public Wi-Fi networks

A virtual private network (VPN) is an application that you can download to most devices, including your cell phone, tablet, laptop, or router. When you turn it on, the VPN encrypts the data you send and receive so cybercriminals can’t read or use it.

Install antivirus software

Cybercriminals can use malicious websites to install sniffer malware on your device. Antivirus software is important because it keeps a list of known malware and helps keep your data safe from packet sniffers by blocking malware installation.

Practice online safety

Most online safety tips are about being aware of your digital surroundings. Some good practices include:

  • Make sure a website link starts with HTTPS, which means the site is encrypted and secure.
  • Hover over embedded links in emails to make sure you recognize the website in the actual URL.
  • Never share personal data publicly on social media or other sites.
  • Use a password manager so you can create a unique, strong password for every login.

Avoid social engineering and phishing attacks

Cybercriminals use phishing and social engineering attacks to infect devices with malware. In a social engineering attack, cybercriminals may try to manipulate your emotions to convince you to take an action that ultimately harms you.

Some common ways to spot a phishing attack include:

  • Be wary of links in emails, even if they seem to be from reputable sources.
  • Check the sender's email address, not the name, if you think the message is suspicious.
  • Look for misspelled words and grammar mistakes in the email’s text.

Edit your home router settings

You probably have two devices that help you connect to your home Wi-Fi: a modem and a router. The modem is how your internet service provider (ISP) delivers your internet connection. Your router is the device that sends Wi-Fi signals through the air.

To protect against packet sniffing attacks, you can edit your router’s settings by doing the following:

  • Change your network encryption to Wi-Fi Protected Access 2 (WPA2).
  • Change your router’s default password so no one can edit your settings.
  • Update your router’s firmware so no one can use a vulnerability to change your router’s settings.

Should you use a packet sniffer detection tool?

You might have heard about “sniffer detection apps” or network analyzers, such as Snort, which help you find out if someone is using a packet sniffer to illegally gather data from your network. 

But these tools can be technical and are typically created for computer network administrators. A safer (and more practical) bet is to follow the tips above to secure your home network.

Packet sniffing FAQs



What is an example of a packet sniffer?

Any technology that helps you analyze network activity is a packet sniffer. One popular example is Wireshark.

Wireshark is a free tool that works with LAN and wireless networks. Wireshark captures packets so you can look at the data and protocol information. Most people use it for network performance and network security monitoring.



Does a VPN prevent packet sniffing?

A VPN creates an encrypted tunnel for data to travel through while you search the internet. Encryption scrambles data, which makes it unreadable and unusable to anyone who doesn’t have the decryption code. Because a cybercriminal won’t have the decryption code, they can’t read the encrypted data. Even if they intercept it, it’s meaningless to them.



What are the benefits of packet sniffing?

IT teams use packet sniffing to monitor network performance. Packet sniffing helps them:

  • Look for network performance issues
  • Measure network speed and response times
  • Identify critical resources that keep business processes online
  • Manage bandwidth usage to save money
  • Detect abnormal behavior that could be a cybercriminal

Bottom line

Packet sniffing isn’t good or bad. The reason a person uses sniffer tools is what makes them useful or dangerous.

The good news is that, with some awareness, you can protect yourself online. From awareness to antivirus software to ad blockers, you can keep yourself and your data safer.


Author Details
Karen Walsh is a lawyer and former-internal-auditor-turned-subject-matter-expert in cybersecurity and privacy compliance. Karen has been published by leading industry outlets and quoted by The New York Times and CNN Investigative reporters.