Because the packets are not encrypted, they can be sniffed, but this relies on the legitimate user transferring data/being connected at the time, the hacker however cannot connect to the AP until he/she discovers the MAC.If I already have mac filtering how can they sniff the packets then?