Chapter 16: Sniffers

Overview

Have you ever taken a moment to consider just how much traffic is passing over the Internet every single day? Although people often compare traffic on a highway to the Internet, that’s not a terribly accurate analogy. Whereas highways are usually carrying people and objects from a source to a destination, the Internet is really more like hundreds of thousands of people in a large, crowded arena passing messages back and forth. If you think about it, when you make a connection to a host on the Internet, your data rarely goes directly from your computer to its destination. The data is actually traversing several “intermediate” points, such as routers, gateways, bridges, and firewalls. These devices all handle your message, but since the message isn’t addressed to them, they’re supposed to pass it on.

Even when two computers are linked together on a Local Area Network (LAN), they may not be passing messages directly to each other. If the LAN is connected using a switch, for example, your message should be sent directly to the recipient and no one else. Ethernet switches are smart and know which machine’s Ethernet (MAC) address is connected to which port.

But if you’re connected using a hub, hubs are not so smart. They don’t know what machine is on what port, so they broadcast the message to all ports, hoping the intended recipient will step up and say, “Oh, that’s me.” The other ports are supposed to ignore the message, since it’s none of their business—but they can hear it, nonetheless. Even switches will often have at least one port configured to receive copies of every message that comes in the vicinity (for administrative monitoring, normally). As you can see, plenty of opportunities exist for other people to overhear or intercept your messages. This chapter talks about tools that take advantage of these opportunities and put them to good use.

---

< Day Day Up >