# Malicious packet sniffing

In this video, we'll discuss

packet sniffing, with a focus on how

threat actors may use this technique to

gain unauthorized access to information.

Previously, you learned about

the information and data packets

that travel across the network.

Packets include a header which contains

the sender's and receiver's IP addresses.

Packets also contain a body, which

may contain valuable information like names,

date of birth, personal messages,

financial information, and credit card numbers.

Packet sniffing is the practice of using

software tools to observe

data as it moves across a network.

As a security analyst,

you may use packet sniffing to analyze and capture

packets when investigating ongoing incidents

or debugging network issues.

Later in this certificate program,

you'll gain hands-on practice

with some packet sniffing software.

However, malicious actors may also use

packet sniffing to look at

data that has not been sent to them.

This is a little bit like opening somebody else's mail.

It's important for you to learn about how

threat actors use packet sniffing

with harmful intent so you can be

prepared to protect against these malicious acts.

Malicious actors may insert themselves in the middle of

an authorized connection between two devices.

Then they can use packet sniffing to spy on

every data packet as it comes across their device.

The goal is to find valuable information in

the data packets that they can

then use to their advantage.

Attackers can use software applications

or a hardware device to look into data packets.

Malicious actors can access a network packet with

a packet sniffer and make changes to the data.

They may change the information

in the body of the packet,

like altering a recipient's bank account number.

Packet sniffing can be passive or active.

Passive packet sniffing is a type of

attack where data packets are read in transit.

Since all the traffic on a network

is visible to any host on the hub,

malicious actors can view

all the information going

in and out of the device they are targeting.

Thinking back to the example of a letter being delivered,

we can compare a passive packet sniffing

attack to a postal delivery person

maliciously reading somebody's mail.

The postal worker, or packet

sniffer, has the right to deliver the mail,

but not the right to read the information inside.

Active packet sniffing is a type of

attack where data packets are manipulated in transit.

This may include injecting

internet protocols to redirect the packets to

an unintended port or

changing the information the packet contains.

Active packet sniffing attack would

be like a neighbor telling the delivery person

"I'll deliver that mail for you," and then reading the mail

or changing the letter before putting it in your mailbox.

Even though your neighbor knows you

and even if they deliver it to the correct house,

they are actively going out of

their way to engage in malicious behavior.

The good news is that

malicious packet sniffing can be prevented.

Let's look at a few ways

the network security professional

can prevent these attacks.

One way to protect against

malicious packet sniffing is to use

a VPN to encrypt and protect

data as it travels across the network.

If you don't remember how VPNs work,

you can revisit the video about

this topic in the previous section of the program.

When you use a VPN,

hackers might interfere with your traffic,

but they won't be able to decode it

to read it and read your private information.

Another way to add a layer of

protection against packet sniffing is to make sure

that websites you have use

HTTPS at the beginning of the domain address.

Previously, we discussed how HTTPS uses SSL/TLS to

encrypt data and prevent eavesdropping

when malicious actors spy on network transmissions.

One final way to help protect yourself against

malicious packet sniffing is to

avoid using unprotected WiFi.

You usually find unprotected WiFi in

public places like coffee shops,

restaurants, or airports.

These networks don't use encryption.

This means that anyone on the network can access

all of the data traveling to and from your device.

One precaution you can take is avoiding

free public WiFi unless you have

a VPN service already installed on your device.

Now you know how threat actors may use

packet sniffing and how to

protect a network from these attacks.

Let's move on to discuss other network intrusions.