Keeping Your Data Safe. Packet Sniffing Explained

With the amount of personal information that people put online and transmit over the Internet, the security of that data while it is being sent is always a cause for concern.

Data sent through a network from one computer to another is not sent as one big block of data but in smaller pieces of data called packets.

Most network security efforts are directed at making a network secure from outside intrusions.

However, one form of a potential internal security breach is rogue packet sniffing.

Peeking into data
A packet sniffer is a device attached to a network or a program installed in one of the computers linked to a network that can detect or “sniff out” packets that are being sent to a particular computer.

Typically, this also involves translation of the various raw data packets into information that can be interpreted by people. A simple form of a packet sniffer is one that is able to monitor information going to a particular computer.

More complicated packet sniffers are able to detect and compile all the packets that go to all the computers linked to a particular network.
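The "translation" step described above, shown as an added example that is not part of the original post: it decodes one constructed Ethernet/IPv4/TCP frame into named fields. The addresses, ports and payload are sample values made up for the illustration.

```python
import socket
import struct

def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left at 0)."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("192.168.1.20"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decode_frame(frame: bytes) -> dict:
    """Turn raw frame bytes into named, human-readable fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth_dst": fmt_mac(frame[0:6]), "eth_src": fmt_mac(frame[6:12]),
           "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded further
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    out.update(ip_src=socket.inet_ntoa(ip[12:16]),
               ip_dst=socket.inet_ntoa(ip[16:20]), ip_proto=ip[9])
    if ip[9] != 6:                   # only TCP is decoded further
        return out
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    data_offset = (tcp[12] >> 4) * 4
    payload = tcp[data_offset:]
    # Unencrypted application data is readable as-is once the headers are stripped.
    out.update(src_port=src_port, dst_port=dst_port,
               payload_text=payload.decode("ascii", errors="replace"))
    return out

if __name__ == "__main__":
    for field, value in decode_frame(build_sample_frame()).items():
        print(f"{field:13} {value!r}")
```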

What it means for the good guys
Packet sniffers are actually useful tools for network and system administrators. They are able to tell whether all the computers that are required to be linked to a network are sending and receiving data as they should.

With packet sniffers, they are able to identify if there are any speed bottlenecks with data transmission, detect if there is any illegal use of the network, intercept any possible intrusion into the network, and monitor other security-related and connectivity-related issues.

What it means for the bad guys
However, packet sniffers can also be used to illegally look into the contents of packets being sent from one computer.

Packets being sent from your computer contain your usernames and passwords to accounts, the contents of your email, and other data that you might be sending to another computer within the network or outside your network.

Note that a packet sniffer can only do this if the packet sniffer is actually installed within your network.

Terminals outside your network cannot ordinarily sniff data packets within your network. Doing so is possible, but very difficult.

Security concerns
So how safe IS your data? It depends on how secure your network is. Physically, as long as no unauthorized computers or devices can be installed or connected to your network, then your data is secure.

Physical security also means that only authorized users can use the computers on the network.

Users on your network should be aware that there are programs that they can inadvertently install, like a worm or Trojan, which can act as both a packet sniffer and a remote transmitter of data to an outside source.

Finally, the use of switches, which route data to the specific computers they’re meant for, instead of hubs which allow data to go to all computers regardless of which computer it is supposed to go to, can reinforce network security.
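The hub-versus-switch difference described above, as an added simulation that is not part of the original post. The three-port topology, MAC addresses and conversation are constructed for the illustration, and the switch model assumes a plain learning switch that floods broadcasts and destinations it has not yet learned.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed topology: port number -> MAC of the host plugged into it.
HOSTS = {1: "02:00:00:00:00:0a", 2: "02:00:00:00:00:0b", 3: "02:00:00:00:00:0c"}

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class LearningSwitch:
    """Learns which port each source MAC lives on and forwards only there."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcasts and not-yet-learned destinations are still flooded.
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]

def frames_overheard(device, frames, observer_port):
    """Count frames delivered to observer_port that were addressed to someone else."""
    count = 0
    for in_port, dst_port in frames:
        src, dst = HOSTS[in_port], HOSTS[dst_port]
        delivered = device.forward(in_port, src, dst)
        if observer_port in delivered and dst != HOSTS[observer_port]:
            count += 1
    return count

# Constructed conversation between the hosts on ports 1 and 2; port 3 only listens.
CONVERSATION = [(1, 2), (2, 1), (1, 2), (2, 1)]

if __name__ == "__main__":
    print("hub:   ", frames_overheard(Hub(HOSTS), CONVERSATION, 3))
    print("switch:", frames_overheard(LearningSwitch(HOSTS), CONVERSATION, 3))
```

On the hub the listening port receives the whole conversation; on the switch it receives only the first frame, which is flooded before the destination has been learned. That residual flooding is why a switch reinforces security rather than guaranteeing it.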

3 Comments »

  1. clem made a comment about this post on November 16th, 2008 at 10:11 pm

    OK so I am an individual who is not so sniffing savvy. At home we have 2 people in control of Admin that are questionable. Let me explain, we have a living complex setup with a Red Hat Linux based system and from that branch 4 switches of which each has 6 homes on. One of the switches is within my house and so I and 5 other people are on which connects to a main switch or hub. I know the admin run the admin from their house via one of the other 3 switches. My question is, is there any way to know if these individuals could or have been sniffing and monitoring me/others and are there any methods to protect myself within this sort of set up? I have no admin privileges and am concerned that some people are putting their nose where it does not belong. Any ideas, programs, websites, blogs that could help are appreciated. If it would help I can get models of the hubs/switches and how they are arranged. Thanks again.

    Sincerely Clem

  2. Craig Edmonds made a comment about this post on November 27th, 2008 at 9:04 am

    Hi Clem,

    Sorry for not replying sooner.

    The first thing you have to do is to make sure that only authorised computers are on your network.

    A really simple tool for a home or business network to know if people are on your network is a nice little piece of software called “Network Magic”.

    It's so good even Cisco stepped in and bought them! I like it because it's simple to install and use. Basically it's typical plug and play.

    See http://www.purenetworks.com/

    If you are an admin, one sure-fire way to make sure that only authorised people are on your network is to use only MAC addresses, especially if you have wifi, because as you may or may not know, wifi encryption is not safe at all.

    Usually your router or firewall can be set to only permit certain MAC addresses and anything else is rejected, again, you need to be an admin for that.

    At any rate, if you have Network Magic installed, as soon as someone connects to your network, a little pop-up window informs you so you can quickly take action.

    If you suspect that internal network users are in fact packet sniffing, it's going to be a bit hard to tell because once the data has left your machine, and it's crossing the network and you have authenticated machines on the network, packet sniffing, you won't know.

    The only safe way is to ensure that the packets that you send across the network are encrypted.

    For emails this means using PGP or similar and on web site surfing only using sites that use SSL.

    If you use FTP, then you should use SecureFTP.

    Really, if you don’t have admin privileges then you should be careful about what you send especially if you suspect someone sniffing your data.

    You should treat your network as if it were the main internet (because well the internet is basically one giant network).

    Hope that info helps a little.

    Craig.
