Helping people with computers... one answer at a time.
We often hear that we need to protect ourselves from data sniffing, particularly at open WiFi hotspots. I'll look at what and how easy sniffing is.
I have read many articles on strangers/others sniffing on our network traffic or whatever we call it; in fact, it often appears in your newsletters. But what does it take to sniff on others network usage? How do people really do it? Do we need hacker tools or should we be a network geek or is it so simple that any Tom, Dick and Harry can do it? Somehow, I'm not able to understand how can others see what we are browsing on the internet right now. What does it mean when you say the 'unprotected data' is available for others to read it? I am not going to do anything illegal, I am just very curious!
It's very easy.
There's at least one tool that makes it easy to take over someone's social media connection if they happen to be logged in unprotected in an open WiFi hotspot.
Did I mention that it's easy? It's a Firefox browser add-on. If you can add an add-on, you can do this.
Other tools are typically fairly geeky, but they are well known and typically also free.
So with your laptop and free software, you too can start sniffing network traffic.
You know I'm going to start this with a big old disclaimer: I am not advocating that you use these tools to do anything illegal or immoral. And, depending on where you are, simply firing up these tools and looking at data flying by might be considered illegal. You're totally on your own to understand the laws and implications in your area.
That being said, there are often very legitimate uses for what are called "packet sniffers" and as such, these tools are well known. While I'll definitely be vague about some of the the how-to steps, even if I went into it in detail, I wouldn't be revealing anything that isn't publicly available elsewhere.
Should you decide to do or learn more, please remember to use your skills for good, not evil.
Firesheep is the browser add-on that I referred to earlier.
Firesheep uses a technique called "session hijacking" to ... well, hijack other people's sessions to many popular services.
The plugin works like this:
A user at an unencrypted, open Wifi hotspot has logged in to an online service. While the login step may have used encrypted https connections, the service reverts to unencrypted http for subsequent page views once logged in.
You launch Firesheep. In your browser, a list appears of any users, such as those that I've just described, that are also using the same unencrypted WiFi hotspot.
You click on the user's name on the list.
You are now logged in as them to whatever service it is that they were using.
Note: You did not get their password and you did not actually login as them. Firesheep hijacks an already logged in session and transfers to you the ability to "be" the logged in person.
And as that logged in person, you can do whatever that person might be able to do while logged in.
And yes, it really is that easy; install Firesheep (and possibly a required utility), run, and click.
Let's step back for a moment and look at one aspect of how WiFi† works.
WiFi is radio-based technology. What that means is that when your computer sends a packet of data to the wireless access point, that packet is actually broadcast, like radio, and any device capable of receiving that signal can receive and "see" the packet.
By definition, any laptop with WiFi capability is capable of receiving WiFi signals, so it is capable of seeing the packet. Each packet includes information indicating which specific device is the intended recipient and in general, WiFi devices ignore any packet that is not specifically addressed to it.
"Sniffing" is nothing more than the laptop examining or looking at the packets that it sees come by, even if they are not intended for that laptop.
So, if you have a laptop with WiFi, you probably already have all of the hardware that you need to sniff unencrypted wireless traffic.
Wireshark is free packet-sniffing software. It's labeled as a "network protocol analyzer" because it actually interprets the data within the packets based on the various protocols being used. But in order to do so, it starts by sniffing the packets. Then, it analyzes them.
Wireshark isn't for the casual user or novice. As you can see by the example above, it displays a lot of technical information in ways that only a geek could love.
But with a basic understanding of how it works, even a moderately technical person can capture data. Without even knowing anything about network protocols, you can typically view the unencrypted data contained within each packet clearly.
Including usernames and passwords. Or your email.
Install Wireshark, capture packets, and browse packets for "interesting" things.
Yes, it's that simple.
The key to staying safe is, of course, encryption.
In fact, Firesheep was created not to enable people to run around hijacking sessions, but rather to make it glaringly obvious how easily that it could be done.
And to shame the industry into making one change: use https always.
Https during login prevents your login credentials from being sniffed, but if the service returns to the unencrypted http connection, then everything that follows is visible to anyone who cares to use software such as I've described above. If the services simply continue to use https throughout your session, then all is protected. The packets can still be sniffed, but all that's visible is unintelligible random noise.
Https, WPA, VPNs are all technologies that use encryption and can protect you from someone sitting in a corner capturing all of the open WiFi traffic.
Without one of those in place then yes, sniffing and interpreting your traffic in an open WiFi hotspot is, as we've seen, very easy to do.
† This discussion actually applies to wired connections as well, except that routers and switches typically send packets on to only those wired connections where the actual destination is known to reside.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.