Packet sniffing (also called network sniffing or traffic analysis) is the practice of capturing data packets as they travel across a network. Network administrators use it for troubleshooting; attackers use it to steal passwords, session tokens, and unencrypted communications.
How Packet Sniffing Works
Every device on a network sends data in small chunks called packets. A packet sniffer (like Wireshark) puts a network interface into promiscuous mode, allowing it to capture packets not addressed to it. On shared networks (especially unencrypted Wi-Fi), a sniffer can see all traffic passing through.
What Attackers Can Capture
| Traffic Type | Vulnerable? | What Is Exposed |
|---|---|---|
| HTTP (unencrypted) | Yes | Usernames, passwords, form data, cookies |
| HTTPS (TLS encrypted) | No | Only metadata (destination IP, timing) |
| Unencrypted email (SMTP/POP3) | Yes | Full email content and credentials |
| DNS queries (standard) | Yes | Every site you visit |
| DNS over HTTPS | No | Encrypted — destination hidden |
| VPN traffic | No | Encrypted tunnel — contents hidden |
Where You Are Most at Risk
- public Wi-Fi — Open networks have no encryption; anyone can sniff traffic
- Compromised routers — Attackers with access to your router can see all traffic
- Corporate networks — IT teams may legitimately monitor traffic for security
How to Protect Yourself
- Always use HTTPS — check for the padlock before entering any credentials
- Use a VPN on public Wi-Fi to encrypt all traffic before it leaves your device
- Use DNS over HTTPS to prevent DNS query exposure
- Avoid using unencrypted email protocols (SMTP without TLS)
People Also Ask
- Is packet sniffing illegal?
- Sniffing your own network traffic for diagnostics is legal. Sniffing traffic on a network you do not own or administer, or capturing others' data without authorization, is illegal in most jurisdictions under computer fraud and wiretapping laws.
- Can a VPN stop packet sniffing?
- Yes. A VPN encrypts all traffic between your device and the VPN server. Even if an attacker captures your packets, they see only encrypted data and cannot read the contents.
Related: Public Wi-Fi risks | VPN leaks | VPN Leak Test