Methods for stealing cookies. Experiment: how to steal personal data using free Wi-Fi. Data interception application for Android

Interception programs for Android are a relatively new “invention” that is gaining popularity. Today, when technology, and in particular the Internet, has penetrated all spheres of our lives and having several personal pages on social networks has become a rule of good, modern tone, it is not surprising that people want, as before, to be aware of the lives of others. Especially when it comes to colleagues, acquaintances, bosses, loved ones and family.

Interception from Android is carried out less often than other “spy” exercises for the simple reason that it is not so easy to listen to someone else’s device. It requires appropriate technical equipment, which only the special services have. But today, some craftsmen have gone further and offer the discerning public services for hacking accounts and for surveillance, both online and in real life (detectives). But how effective is all this? You won't know until you see it in person...

Interception of messages: difficulties and reality

Today, interception of messages from Android is offered by all and sundry, both craftsmen and various services. There are a lot of offers for intercepting calls, hacking pages on networks and remotely hacking devices, but they have different pitfalls: either the performer is unreliable (he looks like a blackmailer), or he asks for money in advance (a pig in a poke, no less), and the result may not be worth the cost and effort you put in. Special services are another matter. Looking ahead, let’s say that they cost money (not much), but they are worth the money. But not all services are equally functional and effective.

The difficulty in intercepting messages is that not every program for intercepting data from Android is compatible with all devices and has wide functionality. After all, communication is not limited to calls alone: people more often send SMS and messages in instant messengers, dozens of them a day. So you need a worthwhile Android program for intercepting packets: SMS, calls, messages from instant messengers and, preferably, the pages visited on the Internet (intercepting HTTP requests on Android will show frequently visited resources, which will help parents in monitoring their children).

Also take into account this technological nuance: if it is stated that the program can intercept any incoming and outgoing packets, then it must have support, namely a server paired with a service that will process the many messages, because a smartphone and a program alone simply cannot cope.

The VkurSe service

VkurSe is a service and a program of the same name for intercepting packets on Android. Its functionality is superior to any other solution:

  • intercept SMS from Android: incoming and outgoing messages, forwarding all messages in an archive to email;
  • interception of VKontakte messages from Android: you can read all messages from instant messengers, including Viber and WhatsApp;
  • intercept calls and SMS on Android: calls are recorded, archived and forwarded to you;
  • Wi-Fi interception on Android: you can use a keyword query to disable Wi-Fi network access for the device being listened to;
  • positioning of the device being listened to via GPS;
  • remote microphone recording via a keyword request;
  • changing the lock code via message;
  • reboot, turn on and off the phone;
  • front camera snapshot if the password is entered incorrectly;
  • clearing phone memory via SMS;
  • archiving of all phone actions through your personal account on the website;
  • uploading all intercepted files to Google Drive.

This is only part of what the VkurSe service and program provides.

Interception Security

The biggest drawback of most programs for intercepting information from phones is that they can be easily detected. The program itself performs the interception, archiving and forwarding of packets, which heavily loads the RAM of both the device being listened to and the phone the packets are intended for. The tapped phone begins to freeze constantly, switch on and reboot by itself, traffic consumption rises sharply, and its owner immediately realizes that something is wrong. He looks at the task manager or even scans the phone from a PC and detects the spy. The VkurSe program is another matter. For example, intercepting WhatsApp messages on Android requires sending a large packet at once, and transferring it from one phone to another takes time. This is where VkurSe comes to the rescue, processing the request and sending only the relevant information to your personal account on the website. Intercepting Android traffic falls on the shoulders of the service as a whole, which greatly facilitates monitoring of correspondence and calls and, as a plus, does not overload the phone. WhatsApp interception on Android is completed in a matter of minutes, and you can read all the correspondence as a report in your email or in your personal account.

As we said earlier, all interception and surveillance services operate strictly for a fee. But VkurSe made a small exception for the user: on the site, in the download category, there are versions for intercepting SMS from Android for free. You can test the program and service for 7 days from the moment of registration, and then decide whether you want to continue using the service or not.

In conclusion, let’s say that VkurSe is a really working service and program for intercepting SMS on Android and more, which gives 100% results. Of course, there is the issue of a small user fee, but the truth is always worth every penny spent on it.

“A smartphone with hacking tools? There is no such thing,” we would have told you just recently. It was possible to launch some of the usual tools for implementing attacks only on some Maemo. Now, many familiar tools have been ported to iOS and Android, and some hack-tools have been specially written for the mobile environment. Can a smartphone replace a laptop in penetration tests? We decided to check it out.

ANDROID

Android is a popular platform not only for mere mortals, but also for the right people. The number of useful ][-utilities here is simply off the charts. For this we can thank the UNIX roots of the system, which have greatly simplified the porting of many tools to Android. Unfortunately, Google does not allow some of them into the Play Store, so you will have to install the corresponding APK manually. Also, some utilities require maximum access to the system (for example, the iptables firewall), so you should take care of root access in advance. Each manufacturer uses its own technology here, but finding the necessary instructions is simple enough. A good set of HOWTOs was put together by the LifeHacker resource (bit.ly/eWgDlu). However, if you cannot find a particular model there, the XDA-Developers forum (www.xda-developers.com) always comes to the rescue, with information on virtually any model of Android phone. One way or another, some of the utilities described below will work without root access.

Let's start the review with an unusual package manager. The developers call it “utilities for superusers,” and this is not far from the truth. After installing BotBrew, you get a repository from which you can download a great number of familiar tools compiled for Android. Among them: Python and Ruby interpreters for running the numerous tools written in them, the tcpdump sniffer and the Nmap scanner for network analysis, Git and Subversion for working with version control systems, and much more.

Network scanners

An inconspicuous smartphone, which, unlike a laptop, fits easily into a pocket and never raises suspicion, can be useful for network exploration. We have already said above how you can install Nmap, but there is another option. PIPS is a port of the Nmap scanner specifically adapted for Android, albeit an unofficial one. This means you can quickly find active devices on the network, determine their OS using fingerprinting options, perform a port scan - in short, do everything that Nmap is capable of.

There are two problems with using Nmap, despite all its power. Firstly, the parameters for scanning are transmitted through launch keys, which you must not only know, but also be able to enter using an inconvenient mobile keyboard. And secondly, the scanning results in the console output are not as clear as we would like. The Fing scanner does not have these shortcomings; it very quickly scans the network, does fingerprinting, and then displays in a clear form a list of all available devices, dividing them by type (router, desktop, iPhone, and so on). At the same time, for each host you can quickly view a list of open ports. Moreover, right from here you can connect, say, to FTP, using the FTP client installed in the system - very convenient.

When it comes to analyzing a specific host, the NetAudit utility can be indispensable. It works on any Android device (even non-rooted) and allows you not only to quickly identify devices on the network, but also to examine them using a large fingerprinting database to identify the operating system, as well as the CMS used on the web server. There are now more than 3,000 digital fingerprints in the database.

If, on the contrary, you need to work at a lower level and carefully examine the operation of the network, then you cannot do without Net Tools. It is a set of utilities indispensable in a system administrator's work, which allows you to fully diagnose the operation of the network to which the device is connected. The package contains more than 15 different types of programs, such as ping, traceroute, arp, dns, netstat, route.

Traffic manipulation

The tcpdump-based sniffer honestly logs all data into a pcap file, which can then be studied using familiar utilities like Wireshark or Network Miner. Since no capabilities for MITM attacks are implemented in it, it is rather a tool for analyzing your own traffic. For example, this is a great way to study what the programs installed on your device from dubious repositories transmit.

If we talk about combat applications for Android, then one of the most sensational is FaceNiff, which implements interception and injection into intercepted web sessions. By downloading the APK package with the program, you can run this hack tool on almost any Android smartphone and, by connecting to a wireless network, intercept accounts of a variety of services: Facebook, Twitter, VKontakte, and so on - more than ten in total. Session hijacking is carried out using an ARP spoofing attack, but the attack is only possible on unprotected connections (FaceNiff cannot wedge into SSL traffic). To curb the flow of script kiddies, the author limited the maximum number of sessions to three; beyond that, you need to contact the developer for a special activation code.

While the creator of FaceNiff wants money for using it, DroidSheep is a completely free tool with the same functionality. True, you won’t find the distribution kit on the official website (this is due to Germany’s harsh laws regarding security utilities), but it can be found on the Internet without any problems. The main task of the utility is to intercept user web sessions of popular social networks, implemented using the same ARP spoofing. But secure connections are a problem: like FaceNiff, DroidSheep flatly refuses to work with the HTTPS protocol.
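A defender-side check for the ARP spoofing that FaceNiff and DroidSheep rely on, as an added example that is not part of the original article. It compares two snapshots of a Linux `ip neigh show` table; the sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines that carry a resolved link-layer address.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+(?P<state>\S+)"
)

# Constructed sample: the table before and during a spoofing attempt.
GATEWAY = "192.168.1.1"
BASELINE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:11:22:33:44:17 STALE
192.168.1.40 dev wlan0  FAILED
"""
DURING = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:17 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:11:22:33:44:17 REACHABLE
"""


def parse_neigh(text):
    """Return {ip: mac} for resolved entries; FAILED/INCOMPLETE lines have no lladdr."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            table[match.group("ip")] = match.group("mac").lower()
    return table


def find_arp_anomalies(baseline, current, gateway_ip):
    """Flag the two classic symptoms of ARP cache poisoning on a client."""
    findings = []

    # Symptom 1: the gateway's IP now resolves to a different MAC address.
    old_mac, new_mac = baseline.get(gateway_ip), current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        findings.append(("gateway_mac_changed", gateway_ip, old_mac, new_mac))

    # Symptom 2: one MAC answers for several IPs (the spoofer's own plus the gateway's).
    ips_by_mac = defaultdict(list)
    for ip, mac in current.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(DURING), GATEWAY):
        print(finding)
```

A MAC that legitimately serves several addresses (a router with aliases, proxy ARP) also triggers the second check, so treat it as a lead to verify rather than proof.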

This utility also demonstrates the insecurity of open wireless networks, but on a slightly different plane. It does not intercept user sessions, but uses a spoofing attack to pass HTTP traffic through itself and perform specified manipulations with it. These range from the usual pranks (replacing all the pictures on the site with troll faces, flipping all the images or, say, replacing Google results) to phishing attacks, in which the user is shown fake pages of popular services such as facebook.com, linkedin.com, vkontakte.ru and many others.

If you ask which hack utility for Android is the most powerful, then Anti probably has no competitors. This is a real hacker combine. The main task of the program is to scan the network perimeter. Next, various modules enter the battle, with the help of which a whole arsenal is implemented: eavesdropping on traffic, carrying out MITM attacks, and exploiting found vulnerabilities. True, there are also disadvantages. The first thing that catches your eye is that the exploitation of vulnerabilities is carried out only from the central program server, which is located on the Internet, as a result of which you can forget about targets that do not have an external IP address.

Traffic tunneling

The well-known file manager is now on smartphones! As in the desktop version, there is a system of plugins for connecting to various network directories, as well as the canonical two-panel mode, which is especially convenient on tablets.

Okay, but how can you ensure the security of your data that is transmitted over an open wireless network? In addition to VPN, which Android supports out of the box, you can create an SSH tunnel. For this purpose, there is a wonderful SSH Tunnel utility, which allows you to route the traffic of selected applications or the entire system as a whole through a remote SSH server.

It is often necessary to send traffic through a proxy or SOCKS server, and in this case ProxyDroid will help out. It's simple: you choose which applications' traffic you want to tunnel and specify a proxy (HTTP/HTTPS/SOCKS4/SOCKS5 are supported). If authorization is required, ProxyDroid also supports this. By the way, the configuration can be linked to a specific wireless network, with different settings for each of them.

Wireless network

The built-in wireless network manager is not very informative. If you need to quickly get a complete picture of nearby access points, then the Wifi Analyzer utility is an excellent choice. It will not only show all nearby access points, but will also display the channel on which they operate, their MAC address and, most importantly, the type of encryption used (having seen the coveted letters “WEP”, we can assume that access to the secure network is provided). In addition, the utility is ideal if you need to find where the desired access point is physically located, thanks to a visual signal strength indicator.

This utility, as its developer states, can be useful when the wireless network is filled to capacity with clients who use up the entire channel, and it is at this very moment that a good, stable connection is needed. WiFiKill allows you to disconnect clients from the Internet either selectively or based on a specific criterion (for example, it is possible to make fun of all the Apple device owners). The program simply performs an ARP spoofing attack and redirects all clients to itself. The algorithm is implemented in a dead-simple way on the basis of iptables. This is the control panel for fast food wireless networks :).

Web Application Audit

Manipulating HTTP requests from a computer is a piece of cake; there are a huge number of utilities and browser plugins for this. In the case of a smartphone, everything is a little more complicated. HTTP Query Builder will help you send a custom HTTP request with the parameters you need, for example the desired cookie or a changed User-Agent. The result of the request will be displayed in a standard browser.

If the site is password protected using Basic Access Authentication, then you can check its reliability using the utility Router Brute Force ADS 2. Initially, the utility was created to brute force passwords on the router admin panel, but it is clear that it can be used against any other resource with similar protection. The utility works, but is clearly crude. For example, the developer does not provide for exhaustive brute force, only for guessing from a dictionary.

Surely you have heard about such a sensational program for disabling web servers as Slowloris. The principle of its operation is to create and hold the maximum number of connections with a remote web server, thus preventing new clients from connecting to it. So, AnDOSid is an analogue of Slowloris right in your Android device! I'll tell you a secret, two hundred connections are enough to ensure unstable operation of every fourth website running the Apache web server. And all this - from your phone!

Various utilities

When working with many web applications and analyzing their logic, it is quite common to encounter data transmitted in encoded form, namely Base64. Encode will help you decode this data and see what exactly is stored in it. Perhaps, by substituting quotes, encoding them back into Base64 and substituting them in the URL of the site you are researching, you will get the coveted database query error.

If you need a hex editor, one is available for Android too. With HexEditor you can edit any files, including system files, if you elevate the program's rights to superuser. An excellent replacement for a standard text editor, allowing you to easily find the desired piece of text and change it.

Remote access

Once you have access to a remote host, you need to be able to use it. And for this we need clients. Let's start with SSH, where ConnectBot is already the de facto standard. In addition to a convenient interface, it provides the ability to organize secure tunnels via SSH connections.

A useful program that allows you to connect to a remote desktop via RDP or VNC services. I’m very glad that these are two clients in one; there is no need to use different tools for RDP and VNC.

A MIB browser written specially for Android, with which you can manage network devices using the SNMP protocol. It can be useful for developing an attack vector on various routers, because the standard community string (in other words, an access password) for management via SNMP has not yet been canceled.

iOS

The iOS platform is no less popular among developers of security utilities. But while on Android root rights were needed only for some applications, on Apple devices a jailbreak is almost always required. Fortunately, even for the latest iDevice firmware (5.1.1) there is already a jailbreak tool. Together with full access you also get the alternative application manager Cydia, which already contains many utilities.

Working with the system

The first thing I want to start with is installing the terminal. For obvious reasons, it is not included in the standard delivery of the mobile OS, but we will need it to run console utilities, which we will discuss further. The best implementation of a terminal emulator is MobileTerminal - it supports multiple terminals at once, gestures for control (for example, for sending Control-C) and is generally impressive in its thoughtfulness.

Another, more complex option for gaining access to the device's console is to install OpenSSH on it (this is done through Cydia) and connect to it locally through an SSH client. If you use the right client, like iSSH, which offers excellent touch-screen control, then this method is even more convenient than MobileTerminal.

Data interception

Now that you have access to the console, you can try the utilities. Let's start with Pirni, which went down in history as a full-fledged sniffer for iOS. Unfortunately, the structurally limited Wi-Fi module built into the device cannot be switched to the promiscuous mode necessary for normal data interception. So to intercept data, classic ARP spoofing is used, with the help of which all traffic is passed through the device itself. The standard version of the utility is launched from the console, where, in addition to the MITM attack parameters, you specify the name of the PCAP file into which all traffic is logged. The utility has a more advanced version, Pirni Pro, which boasts a graphical interface. Moreover, it can parse HTTP traffic on the fly and even automatically pull out interesting data from it (for example, logins and passwords) using regular expressions that are set in the settings.

The well-known sniffer Intercepter-NG, which we have written about several times, has recently had a console version. As the author says, most of the code is written in pure ANSI C, which behaves the same in almost any environment, so the console version worked from the very beginning both on desktop Windows, Linux and BSD, and on mobile platforms, including iOS and Android. The console version already implements grabbing passwords transmitted over a variety of protocols, intercepting instant messenger messages (ICQ/Jabber and many others), as well as recovering files from traffic (HTTP/FTP/IMAP/POP3/SMTP/SMB). At the same time, network scanning functions and high-quality ARP Poison are available. For correct operation, you must first install the libpcap package via Cydia (don’t forget to enable development packages in the settings). All startup instructions boil down to setting the correct rights: chmod +x intercepter_ios. Next, if you run the sniffer without parameters, a clear interactive Intercepter interface will appear, allowing you to launch any attacks.

It’s hard to believe, but this sophisticated tool for implementing MITM attacks was finally ported to iOS. After a tremendous amount of work, we managed to make a full-fledged mobile port. To save yourself from dancing with a tambourine around dependencies during self-compilation, it is better to install an already built package using Cydia, after adding theworm.altervista.org/cydia (TWRepo repository) as a data source. The kit also includes the etterlog utility, which helps to extract various kinds of useful information (for example, FTP access accounts) from the collected traffic dump.

Wireless Network Analysis

In old iOS versions, craftsmen ran aircrack and could break a WEP key, but we checked: the program does not work on new devices. Therefore, to study Wi-Fi, we will have to be content with Wi-Fi scanners only. WiFi Analyzer analyzes and displays information about all available 802.11 networks around, including information about SSIDs, channels, vendors, MAC addresses and encryption types. The utility builds visual graphs in real time based on the data present on the air. With such a program it is easy to find the physical location of the point if you suddenly forget it, and, for example, look at the WPS PIN, which can be useful for connecting.

Network scanners

What program does any penetration tester use anywhere in the world, regardless of goals and objectives? A network scanner. And in the case of iOS, this will most likely be the most powerful toolkit, Scany. Thanks to a set of built-in utilities, you can quickly get a detailed picture of network devices and, for example, open ports. In addition, the package includes network testing utilities such as ping, traceroute, nslookup.

However, many people prefer Fing. The scanner has quite simple and limited functionality, but it is quite enough for the first acquaintance with the network of, say, a cafeteria :). The results display information about available services on remote machines, MAC addresses and host names connected to the scanned network.

It would seem that everyone has forgotten about Nikto, but why? After all, you can easily install this web vulnerability scanner, written in a scripting language (namely Perl), via Cydia. This means that you can easily launch it on your jailbroken device from the terminal. Nikto will be happy to provide you with additional information on the tested web resource. In addition, you can add your own search signatures to its knowledge database.

This powerful tool for automatically exploiting SQL vulnerabilities is written in Python, which means that once you install the interpreter, you can easily use it directly from your mobile device.

Remote control

Many network devices (including expensive routers) are managed using the SNMP protocol. This utility allows you to scan subnets for available SNMP services with pre-known community string values (in other words, standard passwords). Note that searching for SNMP services with standard community strings (public/private) in an attempt to gain access to device management is an integral part of any penetration test, along with identifying the perimeter itself and identifying services.

Two utilities from the same manufacturer are designed to connect to a remote desktop via the RDP and VNC protocols. There are many similar utilities in the App Store, but these are the ones that are especially convenient to use.

Password recovery

The legendary program that helps millions of hackers around the world “remember” their password has been ported to iOS. Now you can search passwords for services such as HTTP, FTP, TELNET, SSH, SMB, VNC, SMTP, POP3 and many others directly from your iPhone. True, for a more effective attack it is better to stock up on good dictionaries for brute force.

Everyone knows firsthand the vulnerability of using standard passwords. Pass Mule is a kind of directory that contains all kinds of standard logins and passwords for network devices. They are conveniently organized by vendor name, product, and model, so finding the one you need won't be difficult. The program is rather designed to save time on searching for a manual for the router, the standard login and password for which you need to find out.

Exploiting vulnerabilities

It’s hard to imagine a more hacking utility than Metasploit, and that’s what concludes our review today. Metasploit is a package of various tools whose main task is to exploit vulnerabilities in software. Imagine: about 1000 reliable, proven and necessary exploits in the daily life of a pentester - right on your smartphone! With the help of such a tool you can really establish yourself in any network. Metasploit not only allows you to exploit flaws in server applications - tools are also available to attack client applications (for example, through the Browser Autopwn module, when a combat payload is inserted into client traffic). Here it must be said that a mobile version of the toolkit does not exist, but you can install the standard package on an Apple device, using .

This is an Android application well known in certain circles, which allows you to scan and intercept Internet sessions. The utility's functionality makes it possible to hack accounts even on an encrypted network (WPA2 only).

Characteristic

FaceNiff is used to intercept web sessions. The application works as follows. You connect to a public Wi-Fi network. The utility scans the shared access point and determines the sessions available for interception.

The user selects the “victim” and, after a few seconds of waiting, can already send messages on behalf of the “victim” from his account on a social network or forum, place orders on a site, as well as carry out other illegal actions.

Peculiarities

The operating principle of the program is based on a weakness in how traffic is transmitted: only the login/password verification step is encrypted. After that, access to the account is maintained by ordinary codes that are sent along with the site’s cookies. These codes can be easily intercepted using the FaceNiff application and, accordingly, the account can be taken over until the victim himself logs out of the account and the friend-or-foe check based on cookies stops.

The vast majority of sites suffer from this, even such well-known ones as Facebook, Twitter, Amazon, VKontakte, Evernote, Dropbox, etc. What can we say about ordinary forums, ordinary online stores, and user resources.
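A site owner can check for the weakness described above by auditing the `Set-Cookie` headers the site sends. The following is an added example, not code from the original article; the URLs, cookie values and the list of name hints are constructed assumptions.

```python
# Substrings that suggest a cookie carries session or login state (assumption).
SESSION_HINTS = ("sess", "sid", "auth", "token", "logged_in")

# Constructed sample responses: (URL, list of (header name, header value)).
RESPONSES = [
    ("https://shop.example/login", [
        ("Set-Cookie", "SESSIONID=abc123; Path=/"),
        ("Set-Cookie", "theme=dark; Max-Age=31536000"),
    ]),
    ("https://shop.example/account", [
        ("Set-Cookie", "auth_token=xyz; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ]),
    ("http://forum.example/", [
        ("Set-Cookie", "logged_in_user=admin; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
    ]),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_value = part.partition("=")
        attrs[key.strip().lower()] = attr_value.strip()
    return name.strip(), cookie_value, attrs


def audit_response(url, headers):
    """Return (cookie name, issue) pairs for session-like cookies in one response."""
    issues = []
    over_https = url.lower().startswith("https://")
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(header_value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie, e.g. a UI preference
        if not over_https:
            issues.append((name, "set over plain HTTP"))
        if "secure" not in attrs:
            # Without Secure the browser also sends it on http:// requests,
            # where anyone on the same Wi-Fi can read it.
            issues.append((name, "missing Secure"))
        if "httponly" not in attrs:
            issues.append((name, "missing HttpOnly"))
        if "expires" in attrs or "max-age" in attrs:
            issues.append((name, "persists after browser close"))
    return issues


if __name__ == "__main__":
    for url, headers in RESPONSES:
        print(url, audit_response(url, headers))
```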

The picture shows that the cookie contains the line wordpress_logged_in_263d663a02379b7624b1028a58464038=admin. This value is in unencrypted form in the cookie and can be easily intercepted using the Achilles utility, but in most cases in Achilles you can only see the hash of a particular entry. Before sending the request to the server, you can try to replace this line with any similar one (although in this case there is no point) - the number of attempts is not limited. Then, by sending this request to the server using the Send button, you can receive a response from the server intended for the administrator.

In the previous example, direct user ID spoofing can be used. In addition, the names of parameters whose values, when replaced, give a hacker additional capabilities can be the following: user (for example, USER=JDOE), any expression with an ID string (for example, USER=JDOE or SESSIONID=BLAHBLAH), admin (for example, ADMIN=TRUE), session (for example, SESSION=ACTIVE), cart (for example, CART=FULL), as well as expressions such as TRUE, FALSE, ACTIVE, INACTIVE. The format of cookies usually depends very much on the application they are used for. However, these tips for finding application flaws using cookies apply to almost all formats.

Client-side countermeasures against cookie extraction

In general, users should be wary of Web sites that use cookies for authentication and to store sensitive data. It is also important to remember that a Web site that uses cookies for authentication must support at least the SSL protocol to encrypt the username and password, since without it the data is transmitted in unencrypted form, which allows it to be intercepted using the simplest software for viewing data sent over the network.

Kookaburra Software has developed a tool to facilitate the use of cookies. The tool is called CookiePal (http://www.kburra.com/cpal.html). This program is intended to warn the user when a Web site attempts to install a cookie on the machine, and the user can allow or deny this action. Similar cookie blocking functions are available in all browsers today.

Another reason for regularly installing Web browser updates is that security flaws in these programs are constantly being identified. So, Bennet Haselton and Jamie McCarthy created a script that, after clicking on a link, retrieves cookies from the client's machine. As a result, all the contents of the cookies that are on the user's machine become available.

This kind of hack can also be done using the handle

To ensure that such things do not threaten our personal data, I do this myself and advise everyone to always update software that works with HTML code (e-mail clients, media players, browsers, etc.).

Many people prefer to simply block cookies, but most Web sites require cookies to be browsed. Conclusion - if in the near future an innovative technology appears that allows you to do without cookies, programmers and administrators will breathe a sigh of relief, but for now cookies remain a tasty morsel for a hacker! This is true, since there is no better alternative yet.

Server-side countermeasures

As for recommendations on ensuring server security, experts give one simple piece of advice: do not use the cookie mechanism unless absolutely necessary! Particular care must be taken when using cookies that remain on the user's system after the end of the communication session.

Of course, it is important to understand that cookies can be used to provide security to Web servers for user authentication. If your application does need to use cookies, you should configure the cookie mechanism to use different short-lived keys for each session, and try not to put information in these files that could be used by hackers for hacking (such as ADMIN=TRUE).

Additionally, to make your use of cookies more secure, you can use cookie encryption to prevent sensitive information from being extracted. Of course, encryption does not solve all security problems when working with cookie technology, but this method will prevent the most basic hacks described above.
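The server-side advice above, next to the vulnerable pattern it replaces, as an added example that is not part of the original article. Instead of encrypting cookie contents it keeps nothing sensitive in the cookie at all: the cookie holds a random per-session ID protected by an HMAC, and privileges live server-side. The key handling, the 15-minute lifetime and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
SESSION_TTL = 900                     # assumption: sessions live 15 minutes
SESSIONS = {}                         # session id -> server-side session record


def parse_cookie_header(header):
    """Split a Cookie request header into a {name: value} dict."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name] = value
    return pairs


def naive_is_admin(cookie_header):
    """Vulnerable pattern: the privilege flag is whatever the client sends."""
    return parse_cookie_header(cookie_header).get("ADMIN") == "TRUE"


def _sign(session_id):
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_session(user, is_admin, now=None):
    """Create a server-side session and return the Set-Cookie header value."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # fresh random key for every session
    SESSIONS[session_id] = {"user": user, "is_admin": is_admin,
                            "expires": now + SESSION_TTL}
    # No Expires/Max-Age: the browser drops the cookie when it closes.
    return (f"SESSIONID={session_id}.{_sign(session_id)}; "
            "Path=/; Secure; HttpOnly; SameSite=Strict")


def load_session(cookie_header, now=None):
    """Return the session record, or None if the cookie is forged or expired."""
    now = time.time() if now is None else now
    token = parse_cookie_header(cookie_header).get("SESSIONID", "")
    session_id, _, mac = token.partition(".")
    expected = _sign(session_id).encode()
    if not session_id or not hmac.compare_digest(mac.encode(), expected):
        return None  # edited or guessed value
    record = SESSIONS.get(session_id)
    if record is None or record["expires"] <= now:
        SESSIONS.pop(session_id, None)  # short lifetime enforced on the server
        return None
    return record


if __name__ == "__main__":
    print(naive_is_admin("USER=JDOE; ADMIN=TRUE"))      # client grants itself admin
    cookie = issue_session("jdoe", is_admin=False).split(";")[0]
    print(load_session(cookie + "; ADMIN=TRUE"))        # the extra flag is ignored
```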

Wireshark will be an excellent assistant for users who need to perform a detailed analysis of network packets, that is, of computer network traffic. The sniffer easily works with such common protocols as netbios, fddi, nntp, icq, x25, dns, irc, nfs, http, tcp, ipv6 and many others. During analysis, it separates a network packet into its components according to the specific protocol and displays readable information in numerical form on the screen.
It supports a huge number of different formats of transmitted and received information, and is able to open files that are used by other utilities. The principle of operation is that the network card goes into broadcast mode and begins intercepting network packets that are in its visibility area. It can work as a program for intercepting Wi-Fi packets.

How to use wireshark

The program studies the contents of information packets that pass through the network. To launch the sniffer and use the results of its work, you do not need any specific knowledge; you just need to open it from the “Start” menu or click on the icon on the desktop (launching it is no different from any other Windows program). A special function of the utility allows it to capture information packets, carefully decrypt their contents and return them to the user for analysis.

After launching wireshark, you will see the program's main menu on the screen, which is located at the top of the window. It is used to control the utility. If you need to load files that store data about packets caught in previous sessions, as well as save data about other packets caught in a new session, then you will need the "File" tab to do this.

To launch the network packet capture function, the user must click on the "Capture" icon, then find the menu section called "Interfaces", which opens a separate "Wireshark Capture Interfaces" window showing all available network interfaces through which the necessary data packets will be captured. If the program (sniffer) detects only one suitable interface, it will display all the important information about it.

The results of the utility are direct evidence that, even if users are not transferring any data themselves at a given moment, the exchange of information on the network does not stop. After all, the principle of operation of a local network is that, to keep it in working order, each of its elements (computers, switches and other devices) continuously exchanges service information with the others, and such network tools are designed to intercept these packets.

There is also a version for Linux systems.

It should be noted that the sniffer is extremely useful for network administrators and computer security services, because the utility allows you to identify potentially unprotected network nodes - likely areas that can be attacked by hackers.

In addition to its direct purpose, Wireshark can be used as a tool for monitoring and further analysis of network traffic in order to organize an attack on unprotected areas of the network, because intercepted traffic can be used to achieve various goals.