Malicious packet sniffing

In this video, we'll discuss packet sniffing, with a focus on how threat actors may use this technique to gain unauthorized access to information.

Previously, you learned about the information and data packets that travel across the network. Packets include a header which contains the sender's and receiver's IP addresses. Packets also contain a body, which may contain valuable information like names, date of birth, personal messages, financial information, and credit card numbers.

Packet sniffing is the practice of using software tools to observe data as it moves across a network. As a security analyst, you may use packet sniffing to analyze and capture packets when investigating ongoing incidents or debugging network issues. Later in this certificate program, you'll gain hands-on practice with some packet sniffing software.

However, malicious actors may also use packet sniffing to look at data that has not been sent to them. This is a little bit like opening somebody else's mail. It's important for you to learn about how threat actors use packet sniffing with harmful intent so you can be prepared to protect against these malicious acts.

Malicious actors may insert themselves in the middle of an authorized connection between two devices. Then they can use packet sniffing to spy on every data packet as it comes across their device. The goal is to find valuable information in the data packets that they can then use to their advantage. Attackers can use software applications or a hardware device to look into data packets. Malicious actors can access a network packet with a packet sniffer and make changes to the data. They may change the information in the body of the packet, like altering a recipient's bank account number.

Packet sniffing can be passive or active. Passive packet sniffing is a type of attack where data packets are read in transit. Since all the traffic on a network is visible to any host on the hub, malicious actors can view all the information going in and out of the device they are targeting. Thinking back to the example of a letter being delivered, we can compare a passive packet sniffing attack to a postal delivery person maliciously reading somebody's mail. The postal worker, or packet sniffer, has the right to deliver the mail, but not the right to read the information inside.

Active packet sniffing is a type of attack where data packets are manipulated in transit. This may include injecting internet protocols to redirect the packets to an unintended port or changing the information the packet contains. An active packet sniffing attack would be like a neighbor telling the delivery person "I'll deliver that mail for you," and then reading the mail or changing the letter before putting it in your mailbox. Even though your neighbor knows you and even if they deliver it to the correct house, they are actively going out of their way to engage in malicious behavior.

The good news is that malicious packet sniffing can be prevented. Let's look at a few ways the network security professional can prevent these attacks.

One way to protect against malicious packet sniffing is to use a VPN to encrypt and protect data as it travels across the network. If you don't remember how VPNs work, you can revisit the video about this topic in the previous section of the program. When you use a VPN, hackers might interfere with your traffic, but they won't be able to decode it and read your private information.

Another way to add a layer of protection against packet sniffing is to make sure that websites you use have HTTPS at the beginning of the domain address. Previously, we discussed how HTTPS uses SSL/TLS to encrypt data and prevent eavesdropping when malicious actors spy on network transmissions.

One final way to help protect yourself against malicious packet sniffing is to avoid using unprotected WiFi. You usually find unprotected WiFi in public places like coffee shops, restaurants, or airports. These networks don't use encryption. This means that anyone on the network can access all of the data traveling to and from your device. One precaution you can take is avoiding free public WiFi unless you have a VPN service already installed on your device.

Now you know how threat actors may use packet sniffing and how to protect a network from these attacks. Let's move on to discuss other network intrusions.
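
The following is an added example, not part of the video or the course material: a short Python audit that splits a captured IPv4/TCP packet into the header and body described above and reports whether the body is readable HTTP or a TLS record, as it would be under HTTPS. The function names, the documentation-range addresses, and both sample packets are constructed for illustration.

```python
import ipaddress
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"HTTP/")

def build_packet(src, dst, sport, dport, body):
    """Constructed sample only: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + body

def parse_packet(raw):
    """Split an IPv4/TCP packet into its header fields and its body."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or raw[9] != 6 or len(raw) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    tcp_len = (raw[ihl + 12] >> 4) * 4   # TCP header length in bytes
    if tcp_len < 20 or len(raw) < ihl + tcp_len:
        raise ValueError("bad TCP data offset")
    return {"src": str(ipaddress.IPv4Address(raw[12:16])),
            "dst": str(ipaddress.IPv4Address(raw[16:20])),
            "sport": sport, "dport": dport, "body": raw[ihl + tcp_len:]}

def classify_body(body):
    """What an observer on the path can see: 'tls', 'cleartext-http' or 'unknown'."""
    # TLS record header: content type 20-23, then version bytes 0x03 0x00-0x04
    if len(body) >= 5 and 20 <= body[0] <= 23 and body[1] == 3 and body[2] <= 4:
        return "tls"
    if body.startswith(HTTP_STARTS):
        return "cleartext-http"
    return "unknown"

def audit(raw):
    pkt = parse_packet(raw)
    return pkt["src"], pkt["dst"], pkt["dport"], classify_body(pkt["body"])

# Constructed samples: the same client and server, once over HTTP and once over TLS
HTTP_SAMPLE = build_packet("192.0.2.10", "198.51.100.20", 49152, 80,
                           b"POST /transfer HTTP/1.1\r\n\r\naccount=00000000")
TLS_SAMPLE = build_packet("192.0.2.10", "198.51.100.20", 49153, 443,
                          b"\x17\x03\x03\x00\x10" + bytes(range(16)))

if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, TLS_SAMPLE):
        print(audit(sample))
```

Both samples expose the sender's and receiver's addresses in the header; HTTPS changes only what can be read from the body.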