Sniffers: Wired and Wireless Network

Post on 22-Jan-2018


Network Sniffers

Privacy Protection

Thamer Alsuhbani, Mikel Solabarrieta

We are going to talk about

How do computers communicate in a LAN?

How can we avoid being a victim?

What is a Network Sniffer?

What are the risks of being monitored?

Sniffers in Wired and Wireless Networks

Conclusions

How do computers communicate in a LAN?

-- A local area network (LAN) is a computer network that interconnects computers within a limited area --

General Idea

-- Sometimes things are not as we expected --

What is a Network Sniffer?

-- A network sniffer monitors data flowing over computer network links in real time. --

What is a Network Sniffer?

Sniffer mode

-- Network adapters have different operation modes --

How is this possible?

>> non-promiscuous mode

>> promiscuous mode

>> monitor mode

-- If the packet is not for this device, drop it --

-- If the packet is not for this device, do not worry, allow it in --

-- Just for wireless, it will capture everything in the “air” --

Remember: at this point network adapters are filtering packets by MAC address (Layer 2)

-- Network adapters have different operation modes --

How is this possible?

>> promiscuous mode

Wired + Hub - does receive everything (broadcast, unicast and multicast packets; we really mean everything)

*Wireless - it should receive everything on the network with which you are associated (broadcast, unicast and multicast packets; we really mean everything)

Wired + Switch - does not receive everything (only the broadcast, unicast and multicast packets that were sent to this device)

* It sometimes works, but it depends on the network adapter's drivers

-- Network adapters have different operation modes --

How is this possible?

>> monitor mode

Wireless - it must receive everything in the air (taking into account frequency, signal strength, channel, etc.)

Remember: we are sniffing the “air”, so we are going to collect everything from every network (SSID) around; we do not need to be joined to any of them at all

Sniffers in Wired and Wireless Networks

Hub-based network

-- In a hub, a frame is passed along or "broadcast" to every one of its ports --

Unclever device

-- broadcasting the same data out of each of its ports --

Sniffers in Wired and Wireless Networks

Switch-based network

-- In a switch, a frame is passed only to the one or more devices that need to receive it --

Smart device

-- each port has a device and the switch sends the packet directly to that device's port --
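
The hub, switch and adapter-mode behaviour described above, as an added Python model (not part of the original slides): a promiscuous third host sees every frame on a hub, but only flooded frames on a switch. The class names, MAC addresses and payloads are constructed for illustration, and the switch is assumed to be a simple MAC-learning switch.

```python
# Added illustration: toy hub, learning switch and NIC receive filter.
# All MAC addresses and payloads below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Nic:
    def __init__(self, mac, promiscuous=False):
        self.mac, self.promiscuous, self.captured = mac, promiscuous, []

    def receive(self, frame):
        dst = frame[1]
        # Layer 2 filter: non-promiscuous mode keeps only frames for this MAC
        # (or broadcast); promiscuous mode keeps whatever reaches the adapter.
        if self.promiscuous or dst in (self.mac, BROADCAST):
            self.captured.append(frame)

class Hub:
    def __init__(self, nics):
        self.ports = list(nics)

    def send(self, frame, in_port):
        # A hub repeats every frame out of every other port.
        for port, nic in enumerate(self.ports):
            if port != in_port:
                nic.receive(frame)

class Switch(Hub):
    def __init__(self, nics):
        super().__init__(nics)
        self.mac_table = {}  # learned mapping: source MAC -> port

    def send(self, frame, in_port):
        src, dst, _ = frame
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            super().send(frame, in_port)  # flood broadcast / unknown destination
        elif out != in_port:
            self.ports[out].receive(frame)  # known destination: one port only

def observe(device_cls):
    """Return the payloads a promiscuous third host captures on the device."""
    a, b = Nic("02:00:00:00:00:0a"), Nic("02:00:00:00:00:0b")
    sniffer = Nic("02:00:00:00:00:0c", promiscuous=True)
    dev = device_cls([a, b, sniffer])
    dev.send((a.mac, BROADCAST, "who-has B"), 0)  # broadcast: flooded everywhere
    dev.send((b.mac, a.mac, "B is here"), 1)      # switch already knows A's port
    dev.send((a.mac, b.mac, "USER alice"), 0)     # plain-text unicast A -> B
    dev.send((a.mac, b.mac, "PASS secret"), 0)
    return [payload for _, _, payload in sniffer.captured]
```

`observe(Hub)` returns all four payloads, while `observe(Switch)` returns only the broadcast.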

Sniffers in Wired and Wireless Networks

Access point-based network

-- In wireless networks the communication goes through the air using radio communication techniques --

-- The air is the medium and we can sniff the air --

What are the risks of being monitored?

-- Some protocols were designed to handle data in plain text --

plain text

>> FTP

>> TELNET

>> SMTP

>> HTTP

>> POP3

>> IMAPv4

>> SNMP

encrypted

>> SFTP

>> HTTPS*

>> SMTPS*

>> SSH

*S - this is for SSL or TLS

What are the risks of being monitored? plain text - HTTP

What are the risks of being monitored? plain text - FTP

How can we avoid being a victim? no longer plain text - SFTP

How can we avoid being a victim? no longer plain text - HTTPS

How can we avoid being a victim?

-- We should follow good practices when we are surfing the internet --

-- We should avoid using old protocols known to be insecure --

Can I sniff someone else's Wi-Fi?

Is this illegal?

Thanks

Questions