Chapter 16: Sniffers

OVERVIEW

Have you ever taken a moment to consider just how much traffic is passing over the Internet every single day? Although people often compare traffic on a highway to the Internet, that's not a terribly accurate analogy. Whereas highways are usually carrying people and objects from a source to a destination, the Internet is really more like hundreds of thousands of people in a large, crowded arena passing messages back and forth. If you think about it, when you make a connection to a host on the Internet, your data rarely go directly from your computer to its destination. The data actually traverse several intermediate points, such as routers, gateways, bridges, and firewalls. These devices all handle your message, but since the message isn't addressed to them, they're supposed to pass it on without peeking into it.

Even when two computers are linked together on a Local Area Network (LAN), they may not be passing messages directly to each other. If the LAN is connected using a switch, for example, your message should be sent directly to the recipient and no one else. Ethernet switches are smart and know which machine's Ethernet (MAC) address is connected to which port.

But your system may be connected to the LAN via a hub. Hubs don't know which system is on which physical port, so they broadcast the message to every system in the hope that the intended recipient will step up and say, "Oh, that's me." The other systems are supposed to ignore the message, since it's none of their business—but they can see it, nonetheless. Even switches will often have at least one port configured to receive copies of every message that comes across it (for administrative monitoring, normally). As you can see, plenty of opportunities exist for other people to overhear or intercept your messages. This chapter talks about tools that take advantage of these opportunities