What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostic and more
By Red Squirrel

Data is sent over a network in much the same way a courier company ships goods. Let's say you need to send a bunch of stuff somewhere; it may need to be sent in separate boxes. The same goes for internet data. If you're sending a huge file, for example, it is broken up into "boxes" or, more specifically, packets. A packet sniffer will "sniff" these packets so you can see them when you retrieve the log. By looking at the log you can see each packet's content. A packet has a header, with information such as the source, destination, ports, and other details. Then there's the body, which is the actual data to be sent. The body is usually what is wanted, as it contains the actual data sent or received, such as the HTTP request.
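The header/body split described above, as an added example that is not part of the original article: a small parser that takes the raw bytes of one IPv4/TCP packet and separates the header fields from the body. The sample packet, its addresses (documentation ranges), ports and HTTP request are all constructed for illustration.

```python
import socket
import struct

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Split one raw IPv4/TCP packet into header fields and body."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if proto != 6:
        raise ValueError("not TCP")
    ip_hlen = (ver_ihl & 0x0F) * 4   # header length is stored in 32-bit words
    # A capture can be truncated or malformed: check lengths before slicing.
    if ip_hlen < 20 or total_len < ip_hlen + 20 or total_len > len(packet):
        raise ValueError("inconsistent IP lengths")
    tcp = packet[ip_hlen:total_len]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    tcp_hlen = (off_flags >> 12) * 4  # TCP data offset, also in 32-bit words
    if tcp_hlen < 20 or tcp_hlen > len(tcp):
        raise ValueError("inconsistent TCP data offset")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "ttl": ttl, "seq": seq,
        "body": tcp[tcp_hlen:],       # everything after both headers
    }

def build_sample() -> bytes:
    """Constructed sample packet (checksums left at zero, not validated)."""
    body = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP header: ports, seq, ack, data offset 5 words + PSH/ACK flags, window
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(body),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"))
    return ip + tcp + body

if __name__ == "__main__":
    info = parse_ipv4_tcp(build_sample())
    print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']}")
    print(info["body"].split(b"\r\n")[0].decode())
```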

Carnivore, the FBI's now-retired packet sniffer, concentrated mostly on emails, so it would only sniff packets that were emails. Carnivore also filtered on the content of emails: if one had the word terrorism, bomb, weapons, destruction, etc., it put the packet in a queue to be manually checked by humans to see if it was terrorist-related activity. So chances are, if you sent an email through the States that had suspicious keywords, it would have been read by the FBI. If it was nothing to be scared of, it would be disregarded. But that's only if it passed through a line that had a Carnivore installation on it, as it is not a 24/7 thing as far as I know.

This is where packet sniffers are controversial, because they can easily be used to eavesdrop on people. The FBI was using it for a good cause - homeland security - but it could easily be abused by them, or by anyone else using it. Given that they had the right to hook it to pipelines, they could get quite a lot of conversations! Let's face it, the Internet is not what you should use if you are transferring something that needs to be 100% private! The easiest way to go is to always assume someone else may read your message before it reaches the right person. So never send out your credit card number in any way without using sophisticated encryption, such as 128-bit SSL.

Carnivore is one packet sniffer, the property of the FBI, but there are free ones available as well. Someone could sneak one onto a library network and see what people are doing, etc. With knowledge of a game's net code you could basically track every movement of the character of someone playing a game. The possibilities of packet sniffing are endless. But this is what makes them so exciting to use.

But are they only good for eavesdropping? Nope. They have quite a lot of positive uses, from diagnosing network problems to tracking down suspicious activity, and they can even be a good learning tool for seeing how a certain protocol works. If you want to write a browser, for example, you need to learn HTTP, so you can sniff a bunch of HTTP sessions of your own and then analyze what the client sends and what the server responds with.

On the next page we'll take a look at a popular one called Ethereal.


Latest comments (newest first)
Posted by Red Squirrel on February 02th 2005 (15:40)
Well it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it but I know it has to do with flooding it with a bunch of arp packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and what not.

© Copyright 2021 Ryan Auclair/IceTeks, All rights reserved