What is Network Sniffing?
Last updated on: 26th March 2018
The information here is intended only for scientific and elucidation purposes and should not be misused!
If you want to analyze your network, you can connect a computer in promiscuous mode to capture all the data passing through your entire network, not only the data addressed to one specific computer. This can sometimes help you find out whether any devices or programs are forwarding (sensitive) data to a destination they should not be sending it to.
However, it should also be clear to everyone that there is another scenario in which any technical device or program can be abused (it must have been prepared in advance) to store collected data locally. The initiator may not want to take the risk of being caught, for example by a legitimate sniffer (your own), which would otherwise detect the outgoing traffic. In this scenario there must be a way to get the stored data out of the attacked target, for example through an artificially induced defect that triggers a guarantee / warranty event, or perhaps through other approaches not mentioned here. To find such sniffers you have to reverse engineer the device or the program, but this is very time consuming.
This article is not a call to panic. It is intended to sensitize and clarify. For a healthy computer scientist, a little bit of paranoia should be allowed😉.
In order to sniff the network, we need programs such as Wireshark, which is available as an open-source program for all operating systems (Windows/Mac/Linux). There are enough pages on the World Wide Web (www) on how to install and use this tool for forensic data analysis. The tool can also be used to analyze USB devices.
By using the http protocol instead of https, all the data, including your login data such as passwords, is sent unencrypted through the network – from your computer to the server. Every node between your computer and the destination computer can read this information. With Wireshark you can see the data exactly as your browser sent it to the server.
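To make the last two points concrete, here is an added example (it is not code from the article or from the Wireshark project) that does in a few lines what you would otherwise do by hand in Wireshark with a display filter such as `http.request.method == "POST"`: it reads a pcap capture, walks Ethernet/IPv4/TCP down to the HTTP request and flags credentials that travel in the clear, either as a `Authorization: Basic` header or as a password form field. The capture is constructed inside the script (placeholder hostname `example.test`, documentation addresses 10.0.0.5 and 203.0.113.10, checksums left at zero), so it runs offline; point `iter_frames` at a real capture file of your own traffic to audit it. One practical caveat for the promiscuous-mode capture described above: on a switched network your port only receives traffic the switch floods or forwards to you, so to see another host's HTTP sessions you need a mirror/SPAN port or a hub.

```python
import base64
import struct
from urllib.parse import parse_qsl

# --- Constructed sample capture (not real traffic) ---------------------------
# One HTTP POST that sends a password both as a Basic-auth header and as a
# form field; hostname, addresses and credentials are all placeholders.
HTTP_BODY = b"username=alice&password=hunter2"
HTTP_REQUEST = b"\r\n".join([
    b"POST /login HTTP/1.1",
    b"Host: example.test",
    b"Authorization: Basic " + base64.b64encode(b"user:s3cr3t"),
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: " + str(len(HTTP_BODY)).encode(),
    b"",
    HTTP_BODY,
])


def build_pcap(payload: bytes, src_ip="10.0.0.5", dst_ip="203.0.113.10") -> bytes:
    """Wrap a TCP payload into a one-packet Ethernet pcap (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    frame = eth + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 1_500_000_000, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def iter_frames(pcap: bytes):
    """Yield raw link-layer frames from a little-endian Ethernet pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian Ethernet pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes):
    """Return (src_ip, dst_ip, dst_port, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                       # not TCP
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4
    return src, dst, dst_port, tcp[data_off:]


HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ")
SECRET_WORDS = ("pass", "pwd", "secret", "token")


def find_cleartext_credentials(pcap: bytes) -> list:
    """Flag HTTP requests in the capture that carry credentials unencrypted."""
    findings = []
    for frame in iter_frames(pcap):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, dst, port, payload = parsed
        if not payload.startswith(HTTP_METHODS):
            continue
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        request_line, headers = lines[0], {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        base = {"src": src, "dst": dst, "port": port, "request": request_line}
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            # Basic auth is only base64, not encryption: anyone on the path can decode it.
            creds = base64.b64decode(auth.split(None, 1)[1]).decode("latin-1")
            findings.append({**base, "kind": "basic-auth", "value": creds})
        if "x-www-form-urlencoded" in headers.get("content-type", ""):
            for key, value in parse_qsl(body.decode("latin-1")):
                if any(w in key.lower() for w in SECRET_WORDS):
                    findings.append({**base, "kind": "form-field", "field": key, "value": value})
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_credentials(build_pcap(HTTP_REQUEST)):
        print(finding)
```

The same walk (link layer, network layer, transport, application) is what Wireshark performs with its dissectors; over HTTPS the TCP payload is a TLS record, the `startswith(HTTP_METHODS)` check never matches, and the script reports nothing, which is exactly the difference the paragraph above describes.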
Please be aware that there is more than one way to collect your data, e.g. Bluetooth, RFID/NFC, PowerLAN/dLAN, etc. Some of these technologies are already in use, e.g. in biometric passports, identity cards, credit cards, bank/debit cards, etc. All the data stored in these items can be read out contactlessly in passing. Of course, you should also know whether the data is stored securely on such a medium, which frequency spectrum is used for communication, etc. Those who are interested in your data will find a way.
Why data is so precious is not the topic here. For that, you should rather understand things like data mining, etc. Then you will soon see how much new information someone can extract from existing data.
There are also ways to hack or wiretap a classic mobile phone (it does not even have to be a smartphone) or a cordless telephone (DECT). Such interception devices can be soldered together by any hobbyist in the cellar. See the following articles:
- Heavy security gaps when using cordless telephones with DECT [only in German language]
- Electromagnetic shielding
- Transmitter power output
- EMF measurement
- KnowHow for B2B
- Frequency modulation
- Radio (The way how a radio works → sending and receiving)
- Cellular frequencies (see Electromagnetic shielding above)
- Hardware-Fuzzing: Hintertüren und Fehler in CPUs aufspüren (Heise.De, article in German)
[Translation: Hardware fuzzing: tracking down backdoors and bugs in CPUs]
- Die Geschichte von Junipers enteigneter Hintertür (Heise.De, article in German)
[Translation: The story of Juniper's expropriated backdoor]
- TR-069 protocol (Wikipedia article)
- A Primer on Information Theory and Privacy
- Category: Computer Science
- Published: Sunday, 12 February 2017 10:15
- Written by Anandakumar Sujanthan