Search TQA Weekly
Log into your TQA Weekly

Packet Sniffer

Scanning your internet traffic

Steve Smith explains what a packet sniffer is, and why you want a VPN service, right now.

Episode #3-50 released on September 7, 2013

Packet Sniffers, allow businesses, internet service providers, governments, hackers, worried parents, and interested others to see what kind of traffic is passing in any given network through the use of deep packet inspection(DPI), while simultaneously recording all data being collected. This amazing tool is used to spy on data, analyze the traffic, find issues, and determine how to possibly fix problems, as well as, detect intruders on your network. And, did I mention, you'll be getting a VPN when I am done this episode.

How does a Packet Sniffer work?

Most Ethernet and Wireless card controllers function in a filtered mode that only accepts packets destined for that specific device. In an unfiltered or passive(promiscuous) mode, an Ethernet or Wireless card controller, on the same network as the communications of interest, can detect, analyze and record all traffic occurring in that specific network. Including free WIFI hotspots.

Can all network cards operate on a passive or promiscuous mode?

No. In fact, some networks card are intentionally handicapped by the manufacture, and their abilities are severely reduced to this extent. However, they aren't impossible to acquire and simply looking up promiscuous Ethernet controllers on Amazon.com will yield thousands of results.

Who can use packet sniffers, and does it require any expensive hardware or software?

Anyone can use packet sniffers, and chances are, your place of employ is currently sniffing all your traffic. Now, before you go completely off the deep end about your privacy at your place of employ, remember, you using their machines, and are being paid to be there, therefore you are expected to work, and therefore all interactions online are expected to be aligned with your designated tasks. Basically, do you social networking and porn watching at home.

Now, if you are a parent or legal guardian, and wonder what you kids are looking at, or chatting online about, then you can use the very same kinds of techniques, as your place of employ, to see what is going on, in your own network.

As for software, there is a great free and popular option, called Wireshark, available at http://www.wireshark.org that you may want to consider using. You may have to acquire an Ethernet controller capable of being used by this software, but that isn't actually all that expensive.

Is it possible to packet sniff encrypted traffic?

Yes, if you create your own self-signed certificate server in order to sign all SSL traffic migrating through your network. This is complicated, however, businesses actively use to technique to make sure you are working, and not doing things that can negatively impact the business or employee relations. Now, hopefully, your ISP is not doing this kind of certificate swapping, however, it is not impossible for them to do this, and many places in the world consider this specific action, normal behavior.

Can using a service like ProXPN, or any other VPN service defeat packet sniffing?

Yes, and unlike connecting to a specific site with SSL, using a VPN protects your data like encasing your connection inside of an unbreakable, locked pipe, keeping everyone out. The SSL certificates traveling within the VPN are, also, protected and preserved, as a result. The only reliable way of preserving the ability to use a packet sniffer, is to prevent VPN access, in the first place, which some businesses actively do. Now, if you are within a free WIFI hotspot, you aren't going to be prevented from accessing a VPN, so using one, will significantly reduce the others of your packets being sniffed, and recorded.

Are there any other devices that use packet sniffing or deep packet inspection software?

Yes, routers, servers, etc... Actually anything online that passes packets from one point to another has to use deep packet inspection, or packet sniffing software to be able to know where it is going. It is normal to log where packets came from, and where they are going, it is particularly rare that the data within is recorded.

Why is packet sniffing possible?

For the most part, the internet is plain-text, meaning, unencrypted. It is therefore possible to sniff traffic from most sites entering and interacting with various networks, including our own. Encrypted data shows up as being gibberish in the packet, however, the meta data for the packet sniffers is still there, and therefore, still possible to derive traffic patterns.

Next week, I will be diving into the subject of SQL injection, explaining what it is, how it works, and how to mitigate the risks, and in some case, completely block all the risks from these kinds of attacks.

Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources