Hackers Toolbox, Packet Sniffers

#wireshark #hacking #networking

When it comes to being a formidable force in the networking world, you need to know how to look around the network to find sources of data and to find holes.  That's the official reason packet sniffers exist: to secure your network.  But since every tool designed for good can be used for evil, I think it's time to dig into packet sniffers a bit.

Without jumping into what the OSI model is, I think it's easy to agree that a packet is at the network level: packets travel around a network, which is accurate to the OSI model.  Hell, I might even explain the OSI model at a later date.  What a packet is, is data over a wire.  When anyone logs into Facebook, saves a file to a network drive, or maybe logs into their NAS while at Starbucks, all the data traveling over the wire does so in packet form.  Many people get skeptical of the internet for these exact reasons: their info is on a copper line headed somewhere, is it secure?

In most cases it is secure if it needs to be.  Facebook is generally secure; there are flaws and holes in a few things they've done, and sniffing for packets was a primary problem.  So what does sniffing for packets really do?  Sure, it's data over a wire, but what the hell does it mean?  Isn't internet traffic all 1's and 0's?

Yes, at the base level it is nothing but 1's and 0's, but that doesn't help anything anywhere.  So the structure of network traffic (or really computers as a whole) takes these 1's and 0's and arranges them in an order that has a head and a tail with info in the middle.  The head tells where everything goes, the tail says where that packet ends, and in between is a long string of data; it's all framed up and sent out.  These 1's and 0's aren't exactly random: they need a destination and an end point, leaving us no ability to just stall out.  It's all needed to make our digital world function.  The data in the middle is known as the payload.

I feel like I should explain the difference between a hub and a switch before I continue on, but since I want to stay on topic, I'll let that wait for another day and just let everyone know now: DON'T USE HUBS!!  I'll explain later.

Since everything is easier to explain via scenarios and stories, I'll do that.  Now let's assume someone with a packet sniffer and some random individual are sitting at a small cafe in their neighborhood.  The random internet user can browse and do what he so chooses without interruption.  Go to Facebook?  No problem.  Go on Twitter?  No problem.  To the packet sniffer this information is locked; even if the sniffer sees the data, it's encrypted and completely useless.  But then the user decides to shop on a website like (fake website) HTTP://www.NFLJerseys.RU and saves big money.  He might be getting a counterfeit jersey, but hell, it's 50% cheaper than in the store, bargain right?

Not so fast.  This website is HTTP, not HTTPS, so all communication with the vendor is unencrypted; all data transferred over the wire is plain text: credit card info, personal info, maybe even their social, all plain text over the wire, free to anyone who has the knowledge to grab it.  And WiFi is extremely insecure since it only allows for half-duplex data transfer, and it's essentially a glorified hub (once again, all this will be explained another day).
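To make the HTTP-versus-HTTPS point concrete, here is an added example (not from the original post) of the kind of check a defender's sniffer or IDS rule performs over captured TCP payloads: it flags a cleartext HTTP form submission that carries sensitive fields, while an HTTPS (TLS) record yields nothing readable. The sensitive-field list and both sample payloads are constructed for illustration.

```python
"""Flag cleartext credential/card submissions in captured TCP payloads."""
from urllib.parse import parse_qs

# Form field names that commonly carry secrets (assumption: a starter list,
# a real monitoring rule would tune this).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "card", "cardnumber", "ccn", "cvv", "ssn"}


def is_tls_record(payload: bytes) -> bool:
    """TLS records start with a content type byte (0x14-0x17) and version 0x03 0x0X.
    Everything after that header is ciphertext or handshake data, not the page."""
    return (len(payload) >= 3 and 0x14 <= payload[0] <= 0x17
            and payload[1] == 0x03 and payload[2] <= 0x04)


def extract_cleartext_secrets(payload: bytes) -> dict:
    """Return {field: value} for sensitive form fields readable in a plaintext HTTP POST.
    Returns {} for TLS traffic, binary data, or requests without a form body."""
    if is_tls_record(payload):
        return {}
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return {}
    head, sep, body = text.partition("\r\n\r\n")
    if not sep or not head.startswith("POST "):
        return {}
    if "content-type: application/x-www-form-urlencoded" not in head.lower():
        return {}
    fields = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in fields.items() if k.lower() in SENSITIVE_FIELDS}


# Constructed sample: a checkout POST to the post's fake HTTP shop (test card number).
HTTP_POST = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: www.NFLJerseys.RU\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 57\r\n\r\n"
    b"name=Jane+Doe&cardnumber=4111111111111111&cvv=123&size=XL"
)
# Constructed sample: leading bytes of a TLS 1.2 ClientHello, what HTTPS looks like on the wire.
TLS_HELLO = bytes.fromhex("160303004a010000460303") + b"\x00" * 60

if __name__ == "__main__":
    for label, p in (("HTTP", HTTP_POST), ("TLS", TLS_HELLO)):
        print(label, extract_cleartext_secrets(p) or "nothing readable")
```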

This is why hackers, both ethical and unethical, love packet sniffers, and everyone in these groups needs one.  I personally use Wireshark as I'm used to a Windows environment, but when I hop onto one of my Linux machines I use Snort.  All network traffic can be monitored within reason; I can't steal your Facebook account or Twitter account this way... there are other ways, which is another topic for another day.

Today's lesson?  If you're an aspiring hacker, download a packet sniffer.  If you're not a hacker and want to be safe?  Don't put any personal info on a website that's HTTP and not HTTPS.

Until next time, be safe my goblins.