Helping people with computers... one answer at a time.
We often hear that we need to protect ourselves from data sniffing, particularly at open WiFi hotspots. I'll look at what and how easy sniffing is.
I have read many articles on strangers/others sniffing on our network traffic or whatever we call it; in fact, it often appears in your newsletters. But what does it take to sniff on others network usage? How do people really do it? Do we need hacker tools or should we be a network geek or is it so simple that any Tom, Dick and Harry can do it? Somehow, I'm not able to understand how can others see what we are browsing on the internet right now. What does it mean when you say the 'unprotected data' is available for others to read it? I am not going to do anything illegal, I am just very curious!
•
It's very easy.
There's at least one tool that makes it easy to take over someone's social media connection if they happen to be logged in unprotected in an open WiFi hotspot.
Did I mention that it's easy? It's a Firefox browser add-on. If you can add an add-on, you can do this.
Other tools are typically fairly geeky, but they are well known and typically also free.
So with your laptop and free software, you too can start sniffing network traffic.
•
Caveat
You know I'm going to start this with a big old disclaimer: I am not advocating that you use these tools to do anything illegal or immoral. And, depending on where you are, simply firing up these tools and looking at data flying by might be considered illegal. You're totally on your own to understand the laws and implications in your area.
That being said, there are often very legitimate uses for what are called "packet sniffers" and as such, these tools are well known. While I'll definitely be vague about some of the the how-to steps, even if I went into it in detail, I wouldn't be revealing anything that isn't publicly available elsewhere.
Should you decide to do or learn more, please remember to use your skills
for good, not evil. 
Firesheep
Firesheep is the browser add-on that I referred to earlier.
Firesheep uses a technique called "session hijacking" to ... well, hijack other people's sessions to many popular services.
The plugin works like this:
-
A user at an unencrypted, open Wifi hotspot has logged in to an online service. While the login step may have used encrypted https connections, the service reverts to unencrypted http for subsequent page views once logged in.
-
You launch Firesheep. In your browser, a list appears of any users, such as those that I've just described, that are also using the same unencrypted WiFi hotspot.
-
You click on the user's name on the list.
-
You are now logged in as them to whatever service it is that they were using.
Note: You did not get their password and you did not actually login as them. Firesheep hijacks an already logged in session and transfers to you the ability to "be" the logged in person.
And as that logged in person, you can do whatever that person might be able to do while logged in.
And yes, it really is that easy; install Firesheep (and possibly a required utility), run, and click.
Packet Sniffing
Let's step back for a moment and look at one aspect of how WiFi† works.
WiFi is radio-based technology. What that means is that when your computer sends a packet of data to the wireless access point, that packet is actually broadcast, like radio, and any device capable of receiving that signal can receive and "see" the packet.
By definition, any laptop with WiFi capability is capable of receiving WiFi signals, so it is capable of seeing the packet. Each packet includes information indicating which specific device is the intended recipient and in general, WiFi devices ignore any packet that is not specifically addressed to it.
"Sniffing" is nothing more than the laptop examining or looking at the packets that it sees come by, even if they are not intended for that laptop.
So, if you have a laptop with WiFi, you probably already have all of the hardware that you need to sniff unencrypted wireless traffic.
Packet sniffing software
Wireshark is free packet-sniffing software. It's labeled as a "network protocol analyzer" because it actually interprets the data within the packets based on the various protocols being used. But in order to do so, it starts by sniffing the packets. Then, it analyzes them.
Wireshark isn't for the casual user or novice. As you can see by the example above, it displays a lot of technical information in ways that only a geek could love.
But with a basic understanding of how it works, even a moderately technical person can capture data. Without even knowing anything about network protocols, you can typically view the unencrypted data contained within each packet clearly.
Including usernames and passwords. Or your email.
Install Wireshark, capture packets, and browse packets for "interesting" things.
Yes, it's that simple.
Staying safe
The key to staying safe is, of course, encryption.
In fact, Firesheep was created not to enable people to run around hijacking sessions, but rather to make it glaringly obvious how easily that it could be done.
And to shame the industry into making one change: use https always.
Https during login prevents your login credentials from being sniffed, but if the service returns to the unencrypted http connection, then everything that follows is visible to anyone who cares to use software such as I've described above. If the services simply continue to use https throughout your session, then all is protected. The packets can still be sniffed, but all that's visible is unintelligible random noise.
Https, WPA, VPNs are all technologies that use encryption and can protect you from someone sitting in a corner capturing all of the open WiFi traffic.
Without one of those in place then yes, sniffing and interpreting your traffic in an open WiFi hotspot is, as we've seen, very easy to do.
•
† This discussion actually applies to wired connections as well, except that routers and switches typically send packets on to only those wired connections where the actual destination is known to reside.
Article C4902 - August 12, 2011
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
BTW... Google's "Gmail" email/webmail is encrypted HTTPS fulltime, not just during sign-in. I'd like to know of any other email services offering fulltime HTTPS.
Posted by: Bill Kingman at August 16, 2011 5:44 PMI downloaded Firesheep but it is not supported by the latest version of Firefox. Is there an alternative other than running an earlier version of Firefox?
24-Aug-2011
Sorry. This article would have been much better without pointing people to the "tools" to do wrong. You could have kept it to just explaining that there is software to do this and that without specifically pointing people to where to get it. The fact that other places may provide this information does not mean you also have to. That is like saying "Well, other people are looting. It's OK for me to do it also."
The article would have been finer if it had restricted itself to instructing people how to protect themselves not how to "do the same to others".
24-Aug-2011
Excellent article Leo, dont be bothered by the timid morality of others. In order to be secure on the internet we need to understand what makes it so insecure without beating around the bush in case we offend those who we couldnt say 'Booo' too
Posted by: Peter Marjoram at September 5, 2011 7:33 AMAnother email services offering fulltime HTTPS is fastmail.fm
Posted by: Yehia El Araby at September 9, 2011 10:26 PM