
How far one can sniff the internet?



#1 brishi


Posted 12 March 2009 - 12:52 AM

"Given the help of presently known sniffers like Wireshark, Kismet, ... we can sniff the Ethernet networks to which we are connected, but how far is it possible if one wants to sniff data for an identified host/IP address over the internet for ethical purposes? Keeping aside that the data sniffed may be encrypted, can we, and if yes, what applications are there for sniffing data/emails, etc. over the internet if the host IP address is identified? Is it possible to capture by masking the local computer's, say, first three octets (xxx.xxx.xxx.0-255) to match the target host computer's IP first three octets and start capturing entire data over this range? Or can sniffers just be used over LANs only?"



#2 groovicus


Posted 15 March 2009 - 07:43 PM

One can only sniff a local network. I cannot type in an IP address and intercept traffic going to that system. There is no way any tool can possibly look at the trillions of packets floating around the Internet and determine which ones are destined for a single IP. It would be like trying to examine every single snowflake during a blizzard.

People have figured out some ways to 'fool' the system as it were. For instance, suppose that I could change the domain resolution of Bleeping Computer so that all requests actually come to my server first, and then are transparently passed on to the real Bleeping Computer website. I could then examine all of the packets. There are a few other ways also, but none of them are legal unless authorized by a judge, and so are largely left to law enforcement types.
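The changed domain resolution described in the reply above is something a site owner can monitor for. The following is an added example, not part of the original thread: it checks resolver answers for a monitored name against a baseline and flags resolvers that disagree. The log format, the name `forum.example.com`, the resolver labels and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: networks the monitored name is expected to resolve into.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges (RFC 5737).
BASELINE = {"forum.example.com": [ipaddress.ip_network("203.0.113.0/24")]}

# Constructed log lines in an assumed format: "<time> <resolver> <qname> <answer>"
SAMPLE_LOG = """\
2009-03-15T19:40:01Z resolver-a forum.example.com 203.0.113.10
2009-03-15T19:40:02Z resolver-b forum.example.com 203.0.113.10
2009-03-15T19:45:07Z resolver-a forum.example.com 198.51.100.77
2009-03-15T19:45:09Z resolver-b forum.example.com 203.0.113.10
malformed line
"""

def parse(log):
    """Yield (time, resolver, qname, ip) tuples, skipping lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ip = ipaddress.ip_address(parts[3])
        except ValueError:
            continue
        yield parts[0], parts[1], parts[2].lower().rstrip("."), ip

def find_suspect_answers(log, baseline=BASELINE):
    """Return answers for monitored names that fall outside every baseline network."""
    alerts = []
    for time, resolver, qname, ip in parse(log):
        nets = baseline.get(qname)
        if nets is not None and not any(ip in net for net in nets):
            alerts.append((time, resolver, qname, str(ip)))
    return alerts

def resolvers_disagree(log):
    """Return names for which different resolvers returned different answer sets."""
    seen = defaultdict(lambda: defaultdict(set))
    for _, resolver, qname, ip in parse(log):
        seen[qname][resolver].add(ip)
    return sorted(q for q, by_res in seen.items()
                  if len({frozenset(s) for s in by_res.values()}) > 1)

if __name__ == "__main__":
    for alert in find_suspect_answers(SAMPLE_LOG):
        print("ALERT", *alert)
    print("disagreement:", resolvers_disagree(SAMPLE_LOG))
```

An out-of-baseline answer is a prompt to investigate, not proof of tampering: legitimate hosting or CDN changes produce the same signal until the baseline is updated.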



