Packets are the units of data that travel over a network. Everything you do on the internet uses them. When you download a file or send an email, that file or email gets broken down into parts of a certain size, or “packets”. Each packet includes information that will help it get where it needs to go, and once all the packets have arrived and have been reassembled, you have your whole file or email again.
A packet analyzer, or packet “sniffer”, is a kind of software or hardware that can intercept and monitor packets as they traverse a network. In this way, IT professionals and cybercriminals alike can effectively check on the contents of files and communications traveling to, from, or within a network.
Packet sniffers can be used in two modes: filtered and unfiltered. Filtered packet sniffing means the analyzer looks for specific data (for example, a particular host, port, or protocol) and captures or copies only packets that match that filter. Unfiltered packet sniffing means all packets are captured and/or copied, regardless of the data they contain. In either mode, a sniffer can reveal a broad range of information, including which websites a particular user visits, what they view, the destinations and contents of any emails or messages they send, and any files they download.
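To make the filtered/unfiltered distinction concrete, here is an added example (not code from the original page) that decodes a few constructed IPv4/TCP packets from raw bytes and applies an optional filter, the way an analyzer selects what to keep. The packets, addresses, ports and the helper names `build_ipv4_tcp`, `parse_ipv4_tcp` and `capture` are all assumptions made for this illustration; checksums are left at zero and there is no Ethernet framing.

```python
import socket
import struct
from typing import Callable, Iterable, Optional

# Constructed sample packet builder (hypothetical helper): bare IPv4 + TCP, checksums 0.
def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_ipv4_tcp(raw: bytes) -> Optional[dict]:
    """Decode IPv4 and TCP headers; return None for anything that is not IPv4/TCP."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4                 # IPv4 header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6 or len(raw) < ihl + 20:    # protocol 6 = TCP
        return None
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "payload": raw[ihl + data_off:total_len]}

Filter = Callable[[dict], bool]

def capture(packets: Iterable[bytes], flt: Optional[Filter] = None) -> list:
    """Unfiltered mode (flt=None) keeps every decodable packet; filtered keeps only matches."""
    kept = []
    for raw in packets:
        pkt = parse_ipv4_tcp(raw)
        if pkt is not None and (flt is None or flt(pkt)):
            kept.append(pkt)
    return kept

# Constructed traffic: two plain-HTTP requests and one TLS ClientHello fragment.
SAMPLE = [
    build_ipv4_tcp("10.0.0.5", "203.0.113.10", 51000, 80, b"GET /report.pdf HTTP/1.1\r\n\r\n"),
    build_ipv4_tcp("10.0.0.5", "203.0.113.20", 51001, 443, b"\x16\x03\x01\x00\x2a"),
    build_ipv4_tcp("10.0.0.7", "203.0.113.10", 51002, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

def http_only(pkt: dict) -> bool:
    return pkt["dport"] == 80      # a filter: keep only traffic to TCP port 80

if __name__ == "__main__":
    print(len(capture(SAMPLE)), "packets kept unfiltered")
    for p in capture(SAMPLE, http_only):
        print(p["src"], "->", p["dst"], p["payload"].split(b"\r\n")[0])
```

The unfiltered pass keeps all three packets and exposes their payloads; the filtered pass keeps only the two port-80 requests, whose contents are readable because they are not encrypted, while the TLS packet would show only opaque handshake bytes.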
Packet sniffers do have legitimate purposes, such as helping administrators at companies keep track of employees’ network use and protecting end users from malicious files, communications, and processes. However, they can also be used maliciously. For example, if an employee at a company mistakenly downloads a malware-laden file that contains a packet sniffer, the sniffer could record data transmitted on the corporate network and send reports to the cybercriminals behind it. The criminals could then use that data to launch further attacks, extort money from the company or its employees, and more.