Outlining passive attacks

Using Wireshark, a hacker will try to obtain confidential information, such as usernames and passwords, as it travels through the network. Sniffing network traffic with packet analysis can serve the following goals:

  • Footprinting and reconnaissance: As a precursor to an active attack, hackers use Wireshark to capture unencrypted traffic in order to gather as much information about the target as possible. Wireshark can also be used to gather details such as IP and MAC addresses, open ports and services, and possible defense methods in place.
  • Sniffing plain text passwords: Another use of packet sniffing by hackers is looking for passwords that are sent in plain text. The protocols most susceptible to packet sniffers are those that send data in plain text, such as SNMP, HTTP, FTP, Telnet, and VoIP.

An organization can defend against unauthorized packet sniffing in a couple of ways. There is anti-sniffer software that can detect sniffers on the network. However, one of the best ways to prevent data exposure is to use encryption. If someone captures the traffic, then the encrypted data will appear meaningless.
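One host-side check in the spirit of the anti-sniffer software mentioned above, as an added example that is not from the original text: on Linux, a capture tool that puts an interface into promiscuous mode sets the IFF_PROMISC bit (0x100) in /sys/class/net/<iface>/flags. The function names, the sample directory tree, and its flag values are constructed for illustration.

```python
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface receives all frames, not only its own

def read_flags(sys_net, iface):
    """Return the interface flags exposed by sysfs as an integer."""
    with open(os.path.join(sys_net, iface, "flags")) as fh:
        return int(fh.read().strip(), 16)

def promiscuous_interfaces(sys_net="/sys/class/net"):
    """List (interface, is_up) for every interface in promiscuous mode."""
    hits = []
    for iface in sorted(os.listdir(sys_net)):
        try:
            flags = read_flags(sys_net, iface)
        except (OSError, ValueError):
            # Entries such as bonding_masters are plain files, not interfaces.
            continue
        if flags & IFF_PROMISC:
            hits.append((iface, bool(flags & IFF_UP)))
    return hits

def build_sample_tree():
    """Create a constructed stand-in for /sys/class/net so the check runs anywhere."""
    root = tempfile.mkdtemp(prefix="sysnet_")
    sample = {
        "lo": "0x9",        # loopback, up
        "eth0": "0x1103",   # up, promiscuous bit set
        "eth1": "0x1003",   # up, normal
        "wlan0": "0x1102",  # promiscuous bit set, but down
    }
    for iface, flags in sample.items():
        os.mkdir(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags + "\n")
    # A non-interface entry that the scan must skip.
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("\n")
    return root

if __name__ == "__main__":
    path = "/sys/class/net" if os.path.isdir("/sys/class/net") else build_sample_tree()
    for iface, is_up in promiscuous_interfaces(path):
        print(f"{iface}: promiscuous mode ({'up' if is_up else 'down'})")
```

This only covers hosts you can inspect; a capture device elsewhere on the segment leaves no such trace, which is why encryption remains the stronger control.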

Next, we'll take a look at how hackers can also use Wireshark to actively sniff and monitor traffic as part of an Address Resolution Protocol (ARP) spoofing attack.
