A sniffer is a program or mechanism that silently tracks traffic of certain network. It obtains information/data while surfing on the net. There are legal sniffers for useful purposes and malicious sniffers. Poker sniffers are used for troubleshooting of network, network monitoring, detection of hackers attack, etc. But malicious sniffers have one more function- they spy network users and collects their passwords. And also they might be used for reverse protocol engineering.
Sniffers are not active programs. They just monitors users and collects passwords. That is why they are hardly detected, but not invisible. There are some methods that programmers use for sniffers detection:
- Ping method (This is already useless method because it's too old and not very reliable);
- ARP Watch;
- IDS method;
- Latency
- ARP method.
Note that these methods are mostly for programmers and used on a Switched Ethernet.
Prevention against sniffers is available. User or administrator of the system can use encryption. It will protect personal data and information, because everything that sniffer may obtain will be useless information. Switched network is a good solution against malicious sniffers. Also it is recommended to use HTTPS and not HTTP. One more prevention tool is to switch to SSH if it's possible.
If you're administrator of the network or professional programmer you have the ability to attack sniffer. This method is called flooding. You can flood sniffer with packets. But note that's dangerous if you do not know how it works.
Remember that using Instant Messenger is unsafe. Every word and action can be tracked. There's only one messenger that support immunization from sniffer- it is Jabber Instant Messenger.
Like viruses and spyware, sniffers also have anti-sniffer software. These softwares will improve your security:
For Linux users:
For Microsoft's operating systems:
- Anti Sniff;
- Snort;
- ARP Watch.