Password sniffing is a technique for harvesting passwords that involves monitoring traffic on a network to pull out information. Software to do this automatically is available from several companies and people also can do it manually or write their own software for a specific purpose. While not always malicious in intent, it can be a security threat and there are steps that can be taken to protect a network from sniffing.
Programs or devices can be used to follow the traffic that moves across a network. They examine individual packets of data to pull out the ones that look interesting, including data that contains passwords. Sometimes, passwords are displayed in plain text inside the system, rather than encrypted, making it easy for the password sniffer to identify them and match them with user names. In other cases, a decryption program may be needed to pull passwords out of a data stream.
Any time a password is sent across a network, it is vulnerable to sniffing. People using remote access to reach a computer must enter passwords, as do people accessing various network assets like printers, in some cases. Computer users also enter passwords online to do everything from checking email to logging on to a social networking account. All of these activities generate network traffic that can be vulnerable to sniffing.
People who engage in password sniffing usually collect passwords, generating a long list of known user names and passwords for future use. Hackers, crackers, and other people interested in exploiting a system can sniff for passwords that might allow them to take over and access sensitive material. People can also use passwords to steal someone’s personal information. With this information in hand, it’s possible to take over accounts and assume a person’s identity or create a snarled mess that will take time to unravel.
Some malware and spyware comes with applications that sniff for passwords. These programs will harvest data and transmit it in addition to infecting other computers in a network.
Network administrators, especially on large networks, use a variety of techniques to combat password sniffing. These can range from requiring all users to install and use software that scans for viruses, malware, and other software exploits to limiting certain kinds of activity on a network in order to make it less vulnerable to attack. On public networks, like those found at colleges and libraries, exploits can be a big problem as a single user with an infected computer can endanger the whole network.