Sniffing Networks And Network Security

When you transmit data between your computer and the rest of the world, you are not the only one who can see and hear your data in transit. Generally, your transmissions are intended for a specific recipient, which is typically a server of some sort. A PHP server receives web requests and generally responds with a web page as the result. Email deliveries are received and processed by recipient mail servers. FTP exchanges, streaming media and other protocols may all be viewed as the same thing: “data in transit.”

Any and all data you transmit from your intranet out to the Internet is visible to others. Although encrypted data is not easily decrypted and understood by others, the encrypted data is as easily accessible as the unencrypted data. Regardless of the protocol or level of protection on the data, it is important to understand that the data is accessible to others.

This is not to say that ALL other users can access your data while it is in transmission, but it does mean that somewhere along the way, it is probable that there is someone who could access it. A technique for accessing data that is between your computer and an Internet target is called Sniffing or Snorting. There are various terms and variations on their definitions, but the basic concept is still the same.

Let’s consider an intranet at the workplace as an example. You may be using instant chat, email, or blogging. Of course, you’d never use your work computer for personal gain or entertainment, so you have nothing to fear about being observed. When you send your data out, your computer doesn’t discern between pathways along the ethernet cables. It sends the transmission and it hits everyone on your local network, probably including the guy next to you and down the hall. Your request was sent to a specific Internet or intranet IP Address, so their machines will ignore transmissions that don’t match their own IP Address. Most computers are set up to ignore background noise, that is, transmissions that don’t apply to them.

With the right software (Sniffer), another user can tell his computer to listen to any and all transmissions that aren’t intended for his computer. The transmissions can be separated into groups based on the target IP Address, creating a history of communication for a specific IP Address. Your transmissions are separated into chunks of data called Packets. Each packet has a bit of information assigning the target IP Address and the source IP Address. The raw data looks like gibberish, but that’s just where the fun starts.

Assuming you didn’t bother to encrypt your data or use an encrypted service like Skype, the data you are transmitting is quite readable. The average Sniffer decodes the basic format of the data and displays “human text” for the user. Everything you type can be viewed by the person Sniffing your data. Email messages, instant chats, web requests and form submissions, and many other transmission types are now his to crawl through. Since the Sniffer most likely saved a history of all the data you sent, he can review it at his leisure.

Since usernames & passwords, GET and POST data from forms, realm logins, and other sensitive information can now be easily read, you must assume everything you do can be shared with everyone in your office. This is why encryption is so important to protect your data. Sniffers may record the encrypted data in transit, but won’t decipher the data… unless you use poor encryption or the other guy gets VERY lucky.
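To make the exposure described above concrete, here is an added example (not part of the original post) that parses two constructed packets, groups them by target IP Address, and shows that a cleartext form submission is readable while an encrypted record gives away only its addresses. The addresses, hostname, credentials and helper names are all made up for the illustration.

```python
import socket
import struct
from collections import defaultdict

def build_packet(src, dst, dport, payload):
    """Build a constructed IPv4+TCP packet (checksums left at zero) for the demo."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(raw):
    """Return (source IP, target IP, TCP payload) from raw IPv4 bytes."""
    ihl = (raw[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[0] >> 4 != 4 or raw[9] != 6:            # only IPv4 carrying TCP
        raise ValueError("not an IPv4/TCP packet")
    src = socket.inet_ntoa(raw[12:16])
    dst = socket.inet_ntoa(raw[16:20])
    data_off = (raw[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return src, dst, raw[ihl + data_off:total_len]

def classify(payload):
    """Label a payload as a TLS record, readable cleartext, or unknown binary."""
    if len(payload) >= 3 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        return "tls-record"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return "cleartext" if payload and printable / len(payload) > 0.9 else "binary"

def history_by_target(packets):
    """Group parsed packets by target IP, as the paragraph above describes."""
    history = defaultdict(list)
    for raw in packets:
        src, dst, payload = parse_packet(raw)
        history[dst].append((src, classify(payload), payload))
    return dict(history)

# Constructed sample traffic (documentation address ranges, made-up credentials).
FORM = b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\nuser=alice&pass=hunter2"
TLS = bytes([23, 3, 3, 0, 8]) + bytes([0x9c, 0x01, 0xe7, 0x44, 0xb2, 0x10, 0xfa, 0x83])
SAMPLE = [build_packet("192.0.2.10", "198.51.100.5", 80, FORM),
          build_packet("192.0.2.10", "198.51.100.9", 443, TLS)]

if __name__ == "__main__":
    for target, entries in history_by_target(SAMPLE).items():
        for src, kind, payload in entries:
            print(f"{src} -> {target} [{kind}] {payload[:40]!r}")
```

Both packets expose who is talking to whom; only the unencrypted one also exposes the username and password.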

Man-In-The-Middle Attacks are similar, but different. They require the other person to act as a conduit for your transmissions rather than simply sniff them remotely. This is a different subject that may sound the same, but is not.

CAVEATS: Don’t transmit unencrypted information through the intranet or Internet unless you would be happy sharing it with everyone. Use services that have encryption built in. Don’t use your office computer to browse or connect to content that risks your job. That’s what your home computer is for!
