All About HackingBlackhat Hacking ToolsFree CoursesHacking

Hacker tools: Sniffers by Blackhat Paksitan 2023

In this article, we will look at the well-known concept of hacking tools – packet sniffers, how they work, what their common uses are, and then we will look at the most used packet sniffers.

Note: The tools listed in this article should be used for educational purposes only.

What is a packet sniffer?

Packet sniffers are used to monitor data transmitted over the network. It is used both by administrators for diagnostic or troubleshooting purposes and by hackers to steal data transmitted over a network. In other, very simple words, a packet sniffer is a program that can see all the traffic flowing back and forth across a network. Obviously, the placement of the packet sniffer in the environment is critical. Another point to note is that packet sniffing can be used for both wired and wireless networks.

Related article:How to Complete a Vulnerability Assessment with Nessus 2023

How does a packet sniffer work?

First, we need to understand that packet sniffing can be passive or active, and that it depends entirely on the sniffer’s capability and the design of the environment (hub or switch). Since all traffic on the computer is controlled by the network adapter (ethernet/wireless), sniffers work by configuring the system’s NIC in promiscuous mode.

What information can be obtained from a sniffer?

Any data that is transmitted over the network as plain text is vulnerable to sniffing. Imagine you are visiting an http website and the website requires authentication. Username and password over insecure http are vulnerable to packet sniffing. Now this may not make sense since most of the major sites are over https but imagine the same thing if the end user uses the same credentials for other sites like LinkedIn, Twitter etc. To add more to this problem imagine that the end user sends credit card information over an insecure protocol. This also requires secure storage of cryptographic keys, because if an attacker manages to steal the private key, it can be directly provided to a sniffer to decrypt all communications. Also, using weak standards like WEP is susceptible to sniffing.

Common uses of Sniffer

Sniffers are used to:

  • Packet capture helps diagnose and investigate network problems such as congestion
  • It helps filter network traffic
  • Detection of network abuse, vulnerabilities, malware, etc.
  • Sniffers are used unethically to steal confidential information exchanged between a source and a target.

List of the best sniffing tools

Below is a list of some popular sniffers that are designed for both wired and wireless connections. Also there are download links along with their documentation.


Kismet is an open source wireless network sniffer and is able to detect 802.11 a/b/g wireless network in the vicinity. Kismet is a passive sniffer that helps it discover hidden wireless networks while staying under cover. It works with wireless cards that support monitor mode, and because it works in passive mode, the client adapter is put into rfmon mode and not associated with any wireless access point (AP), meaning that the Kismet end client cannot maintain the network. management. Some features of kismet include:

Logging standard compatible with tcpdump and Wireshark
802.11 sniffing
Modular architecture – client/server
Light distant sniffing

Download from:


It is one of the oldest tools, but still very useful. It is capable of capturing traffic on a network segment, capturing passwords, and is useful for eavesdropping on logs. It supports features like monitoring live connections, content filtering, etc. It supports active and passive multi-protocol analysis and includes many network and host analysis features. It works in 2 main options:

  • Unified mode
  • Bridged mode

Download from:


It is a collection of instruments written by Dug Song. Some of the toolkit members include:

  • Dsniff: This is a password sniffer that handles protocols like FTP, HTTP, SMTP, etc. Uses Berkley DB as output file format
  • Dnsspoof: Creates DNS responses for a DNS server on the local network.
  • Webmitm: Scans HTTP/HTTPS redirected dnsspoof.
  • Sshmitm: Captures SSH traffic provided by dnsspoof.
  • Other members include filesnarf, macof, mailsnarf, sshow, tcpkill, tcpnice, urlsnarf, etc.


Download from:


It’s a wifi sniffer and it’s only available in a commercial version right now. It is available for both Windows and OS X (beta version). It searches for wireless networks using your WiFi adapter and also lists a lot of useful information about each network, such as their strengths, channel usage measurements, etc. It works very similarly on both Windows and OS X.

Download from:


Cain and Abel
Many of you might wonder what Cain and Abel is doing in this list because it is a popular password cracking tool, but we have to understand that it inherits the characteristics of a password sniffer. It is for Windows only. BPF filters are built into the tool by default, although it is mainly built to read password and other authentication information from the network. It supports various protocols like FTP, HTTP, IMAP etc.

Download from:



Caspa is available as both a free and a commercial version and is intended for the Windows operating system only. It works in 3 phases namely: data collection, data analysis and data output. When collecting data, it captures the packet using the NDIS and TDI protocol driver. In data analysis, it analyzes packets using various analyzers such as HTTP analyzer, email analyzer, FTP analyzer, IM analyzer, etc. and output the analysis to GUI. Its features are:

  • Detection of DDoS, Worm Attack, TCP scanning, etc.
  • It supports multiple network behavior monitoring including HTTP, DNS, FTP, etc.
  • Powerful conversion analysis.
  • Deep packet decoding.


Download from:


It is also a set of tools used to intercept wireless traffic and then crack weak keys such as WEP, WPA, WPA2-PSK. The procedure is as follows:

  • With airmon-ng, the first wireless network interface switches to monitor mode
  • Then airdump-ng is used to gather information about access points that are in range.
  • Note the BSSID and channel of the access point you want to sniff.
  • Now use airodump-ng is used to dump data for above AP
  • The process can be sped up with aireplay-ng, which embeds and replays packets from the AP.
  • Once the captured data is larger than 50Kb, aircrack-ng can be used to crack the WEP keys.

Download from:


This article covers the most popular sniffing tools and is not an exhaustive list.

Leave a Reply

Your email address will not be published. Required fields are marked *