What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel


Data is sent over a network in much the same way a courier company ships goods. If you need to send a bunch of stuff somewhere, it may have to go in separate boxes. The same is true of Internet data: if you're sending a huge file, for example, it is broken up into "boxes", or more specifically, packets. A packet sniffer "sniffs" these packets and logs them, so by looking at the log you can see each packet's content. A packet has a header, which carries information such as the source, destination, ports, and other details. Then there is the body, which is the actual data being sent. The body is usually what is wanted, as it contains the actual data sent or received, such as the HTTP request.
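The header/body split described above, as an added example that is not part of the original article: a Python parser run over a constructed IPv4/TCP packet. The addresses, ports, HTTP request and function names are made-up sample values chosen for illustration.

```python
import socket
import struct

def build_sample_packet():
    """Constructed IPv4+TCP packet carrying a plain-text HTTP request."""
    body = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH",
                      49152, 80,     # source port, destination port
                      1, 0,          # sequence and acknowledgement numbers
                      5 << 4, 0x18,  # header length 5 words; flags PSH+ACK
                      65535, 0, 0)   # window, checksum (left 0), urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | 5, 0,            # version 4, 5-word header, TOS
                     20 + len(tcp) + len(body),  # total length of the packet
                     0, 0, 64, 6, 0,             # id, frag, TTL, proto 6 = TCP, checksum
                     socket.inet_aton("192.0.2.10"),      # sample source address
                     socket.inet_aton("198.51.100.20"))   # sample destination address
    return ip + tcp + body

def parse_packet(raw):
    """Split a raw IPv4/TCP packet into its header fields and its body."""
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ip_len = (ver_ihl & 0x0F) * 4          # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ip_len < 20:
        raise ValueError("not a valid IPv4 header")
    if proto != 6:
        raise ValueError("not TCP")
    if total_len > len(raw) or len(raw) < ip_len + 20:
        raise ValueError("truncated packet")
    sport, dport, _seq, _ack, offset = struct.unpack("!HHIIB", raw[ip_len:ip_len + 13])
    tcp_len = (offset >> 4) * 4            # TCP data offset, also in 32-bit words
    if tcp_len < 20 or ip_len + tcp_len > total_len:
        raise ValueError("bad TCP header length")
    body = raw[ip_len + tcp_len:total_len]  # everything after both headers
    return {
        "source": (socket.inet_ntoa(src), sport),
        "destination": (socket.inet_ntoa(dst), dport),
        "body": body,
        "first_line": body.split(b"\r\n", 1)[0].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for field, value in parse_packet(build_sample_packet()).items():
        print(f"{field}: {value!r}")
```

Because the request travels unencrypted, the body comes back as readable text; with an encrypted session the same parser would return only ciphertext bytes.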

Carnivore, the FBI's now-retired packet sniffer, concentrated mostly on emails, so it would only sniff packets that were emails. Carnivore also filtered emails by their content: if an email had the word terrorism, bomb, weapons, destruction, etc., the packet was put in a queue to be manually checked by humans to see if it was terrorist-related activity. So chances are that if you sent an email through the States that had suspicious keywords, it would have been read by the FBI. If it was nothing to be scared of, it would be disregarded. But that's only if it passed through a line that had a Carnivore installation on it, as it was not a 24/7 thing as far as I know.

This is where packet sniffers are controversial, because they can easily be used to eavesdrop on people. The FBI was using it for a good cause, homeland security, but it could easily be abused by them, or by anyone else using it. Given that they had the right to hook it to pipelines, they could get quite a lot of conversations! Let's face it, the Internet is not what you should use if you are transferring something that needs to be 100% private! The easiest way to go is to always assume someone else may read your message before it reaches the right person. So never send out your credit card number in any way without using sophisticated encryption, such as 128-bit SSL.

Carnivore is one packet sniffer, the property of the FBI, but there are free ones available as well. Someone could sneak one onto a library network and see what people are doing, etc. With knowledge of a game's net code you could basically track every movement of the character of someone playing a game. The possibilities of packet sniffing are endless. But this is what makes them so exciting to use.

But are they only good for eavesdropping? Nope. They have quite a lot of positive uses, from diagnosing network problems to tracking down suspicious activity, and they can even be a good tool for learning how a certain protocol works. If you want to write a browser, for example, you need to learn HTTP, so you can sniff a bunch of HTTP sessions of your own and then analyze what the client sends and what the server responds with.

On the next page we'll take a look at a popular one called Ethereal.




Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (14:40)
Well, it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it, but I know it has to do with flooding it with a bunch of ARP packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and whatnot.
Posted by anonymous on February 02th 2005 (13:45)
I think the author of this article totally forgot to mention how EASY it is to sniff all clients' data on SWITCHED networks (on the same network segment, of course). Take a look at tools like dsniff and ettercap.
Posted by Kestrel on January 01th 2005 (10:15)
I second Packetyzer by Network Chemistry. It does a fantastic job of decoding a myriad of protocols, much better than Ethereal itself. It actually sits on top of Ethereal and the WinPcap driver.

It also has better support for inspecting wireless networks.

Posted by char on January 01rd 2005 (04:41)

my favourites in this relationship:
www.packetyzer.com
ettercap.sf.net

© Copyright 2009 Ryan Auclair/IceTeks, All rights reserved