Thread: Sniffing

  1. #1
    Junior Member
    Join Date
    Sep 2001
    Posts
    4

    Sniffing

    Hi all. I am looking for a way to log all the data (binary) that enters and leaves my computer. I understand that the usual way to do this is through a sniffer. However I am on a university network and they are quite strict about catching folks with stuff like that - we had a few people kicked out last year. What I want is something that can only detect the data intended for my computer and originating from my computer. It then won't be possible for them to accuse me of trying to listen in on anyone else's stuff. Does anyone know anything that would do this?

    Cheers!

  3. #3
    Junior Member
    Join Date
    Sep 2001
    Posts
    20

    0_o

    binary data? hmmm.... I wasn't aware that packets were binary. Silly me. And I don't think there is a way to do what you want.

  4. #4
    Junior Member
    Join Date
    Sep 2001
    Posts
    4
    Aren't they binary? ASCII perhaps? I don't know. I was just guessing. Thanks for your reply anyway.

  5. #5
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Well, do you mean all NETWORK traffic in and out? If so, you should use a packet sniffer. The problem is that these tools can be easily 'misused' to nefarious ends. I think the best thing you can do is find some tech-teacher or system administrator who you know and can get along with (or, failing that, whoever is in charge) and ask them if you can use one so long as it only logs your own computer traffic.

    The problem is that on some networks you can detect what is being sent to other computers by putting your network-card into 'promiscuous' mode, and many of the tools out there, like Ethereal, can be easily misused.

    If you just want to see WHO your computer talks to, and what on your computer talks to it, it is a lot easier. If you want to actually have the raw data (usually ASCII when you make it look nice), it's a bit less easy to do that in a non-network-admin-threatening-way.
    [HvC]Terr: L33T Technical Proficiency

  6. #6
    Junior Member
    Join Date
    Sep 2001
    Posts
    4
    Thanks Terr, it is really the former that I was wanting to do, but I would also be interested in how you would know what is communicating with what. Can you tell me a bit about that? Thanks.

  7. #7
    OK.. here we go with a little lesson on sniffing:
    A) It's not detectable from a remote network source (by any method that I have heard of). This is because the packets are never modified, only looked at. So, unless you're on the local machine, or you put this sniffer on a machine where someone can find the running pid, then you're OK.
    B) As for logging the binary data? Sure you can; why you would is beyond me, because of the fact that every packet that is read by your sniffer is going to be in the form of a "packet frame". A "bundle" with a specific format that it's wrapped in to be sent across the network. Logging this raw data will corrupt the binary. It's the job of the TCP/IP or whatever network stack to correctly maintain the binary data structure.
    You could log plaintext information from your sniffer, but then, that would just be unethical.
    Jason Parker - http://www.o-negative.net
    o-Negative: Information Network

  8. #8
    Member
    Join Date
    Sep 2001
    Location
    Belgium
    Posts
    95

    Post sniffing

    Hi dudez,

    I'm not sure whether a sysop could effectively trace someone who's sniffing, but I'm quite sure that @stake laboratories have a tool called AntiSniff, which should detect any NIC in promiscuous mode. Since I'm not sure, replies are always welcome.

    Grtz,

  9. #9
    AtHome itself is a violation of privacy anyway. If you would read your TOS, they explicitly say that they can basically use your system for whatever they want.

    So, them having devised a network of machines that run security scan "authorized-scan*.home.com" is not put past them.

    As for them to be able to detect a sniffer, possible, but not likely for them to be able to use it on such a widespread network.

    They would have to have some serious access to your system to be able to detect your NIC in promisc, if I'm not mistaken.
    This isn't something that you're able to send packets at and detect because it's a read only thing. Maybe I'm wrong..
    Jason Parker - http://www.o-negative.net
    o-Negative: Information Network

  10. #10
    Junior Member
    Join Date
    Sep 2001
    Posts
    4
    Thanks guys, just a few more questions. What is a "running pid" Jason? And how would I know if someone could find it?

    Just to clarify, it would be the data extracted from the packets I would want. For example for a Web page request I would want to see the HTTP but not the TCP/IP.
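An added example, not part of any post in this thread: the "packet frame" wrapping discussed above, unwrapped in Python so that only the application data (for example the HTTP request) of frames to or from one's own address is kept and everything else is dropped. The address `MY_IP`, the helper names and the sample frames are all constructed for illustration.

```python
import socket
import struct

MY_IP = "192.0.2.10"  # assumed address of this machine (documentation range)

def build_frame(src_ip, dst_ip, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def own_tcp_payload(frame, my_ip=MY_IP):
    """Return the TCP payload if the frame is to or from my_ip, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # too short, or not IPv4 (e.g. ARP)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                      # malformed header, or not TCP
    if total_len < ihl + 20 or total_len > len(ip):
        return None                      # truncated capture
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if my_ip not in (src, dst):
        return None                      # someone else's traffic: never kept
    tcp = ip[ihl:total_len]              # total_len also trims Ethernet padding
    data_off = (tcp[12] >> 4) * 4        # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return tcp[data_off:]

# Constructed sample frames: own request, another host's traffic, an ARP frame.
FRAMES = [
    build_frame("192.0.2.10", "198.51.100.5", b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("192.0.2.77", "198.51.100.5", b"someone else"),
    bytes(12) + b"\x08\x06" + bytes(28),
]

if __name__ == "__main__":
    for f in FRAMES:
        print(own_tcp_payload(f))
```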
