DonkBoy Internet
Home of the famous
Information Archives.

Everyone has heard of the legally dubious packet sniffers. Do you know what they are, or what they do? Additionally, federal laws protect the privacy of users of wire and electronic communications. Individuals who access electronic files or intercept network communications without appropriate authorization may be subject to criminal penalties. Downloading and using these tools is done entirely at your own risk per our Terms of use.

Unlike telephone circuits, computer networks are shared communication channels. It is simply too expensive to dedicate local loops to the switch (hub) for each pair of communicating computers. Sharing means that computers can receive information that was intended for other machines. Capturing the information going over the network is called sniffing.

Sniffer programs display the contents of all packets passing through a particular network, regardless of whether they are intended for that computer. Although sniffer programs have legitimate uses as diagnostic tools, they can be employed for malicious activity as well.

Packet sniffing is a form of wiretap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a "shared medium" network. This means that traffic on a segment passes by all hosts attached to that segment. Ethernet hardware contained a filter that prevented the host machine from actually seeing any traffic other than that belonging to the host. Sniffing programs turn off the filter, and thus see everyone's traffic.

If you insist on playing with them in spite of the potential legal questions, these can be downloaded from the internet.

"Iris" Network Traffic Analyzer, the CommView v2.0 Sniffer, and Ethereal.

If you are interested in learning more about packet sniffing, I believe you'll find that the following additional resources are worth your examination:

  1. What is a Packet Sniffer?
     http://www.sinica.edu.tw/cc/course/unix-overview/node26.html
  2. Sniffing network wiretap, sniffer
     http://www.robertgraham.com/pubs/sniffing-faq.html
  3. Packet Storm's MAJOR packet sniffing page
     http://packetstorm.securify.com/sniffers/
  4. TCP for the Uninitiated - Part I (Introduction and Background)
     http://www.dragonmount.net/tutorials/tcpip/part1/intro.htm
  5. An overview of the TCP/IP protocol suite
     http://www.acm.org/crossroads/xrds1-1/tcpjmy.html
  6. RFC1180 - A TCP/IP Tutorial
     ftp://ftp.isi.edu/in-notes/rfc1180.txt
  7. An Introduction to TCP/IP
     http://www.yale.edu/pclt/COMM/TCPIP.HTM
  8. Uri Raz's (amazing) TCP/IP resource page
     http://www.private.org.il/tcpip_rl.html
  9. The Protocol.com Web Site
     http://www.protocols.com
  10. An example packet sniffer (written in Perl)
     http://stein.cshl.org/~lstein/talks/WWW6/sniffer/
  11. How to Watch Spyware Watching You!
     http://grc.com/oo/packetsniff.htm

Log File Analysis vs. Packet Sniffing
Comparative Analysis of Internet Traffic Data Collection Models
White Paper

Modified
Friday, January 12, 2007
