sniffing v. packet analyzers..

Started by Metgod, October 18, 2002, 05:30:15 PM

Alright, I'm making some posts.. still away for the most part and I am leaving in one week from today (Friday) and will be gone for at least two weeks heh..

Anyhow.. opinion..

If you ask someone in the underground what kind of program can see ALL network traffic, what do you expect to hear ?
A sniffer of course. It sets the NIC to promiscuous mode and then sees all data, including data not addressed to the interface that is sniffing. It can also read encrypted data. Let's not get into deciphering.. that's not the point...

But, what happens if you ask someone in the networking or 'security' field ? You'd expect something like a 'packet analyzer'. Not everyone there, but some..

I don't know about you, but I think that is just stupid. The underground calls it a sniffer and then these perfect, wonderful, extremely knowledgeable, et al., people 'aboveground' call them packet analyzers..

Why ? I seriously do not see the point. Given that I do not know what the very first sniffer was, I can not say who wrote it. But I'm willing to bet a hacker or cracker wrote it.. I'm also willing to bet they did it for one or more of a few reasons:

- For studying packets at a very low level.
- To actually intercept packets that didn't belong to them.
- For learning, or to see if this could be done.

I'm sure there are others but.. that doesn't matter.

Is it me or do these 'aboveground' people have to justify what they are doing ? "hacking is wrong.. and so is sniffing." Maybe this is just me.. I don't know.. but the fact of the matter is, sniffers do have the ability to do malignant things, and are quite often used for this. And simply put, hackers wrote this .. I don't think the ordinary admin would think of this, nor would they even have the skills (or perhaps patience) to do it. Well I can think of one 'aboveground' person, but he really isn't respected in the underground. I'm talking about none other than Steve Gibson.. he is an incredible coder.. he does everything in Assembler (mostly win32 though.. gag). He actually has some interesting papers on his site (grc.com).. Regardless he isn't well respected.. but either way, he's good at coding. Now Linuxes and UNIXes have sniffers built-in.. Well they have for some time..

snoop is on solaris.. tcpdump on *bsd, and tcpdump on linux. Not sure about AIX, HP-UX .. and I really don't care about those two ..

Well yes, there are legitimate reasons... monitoring packet loss, bandwidth, and so on.. but the fact is... they STILL intercept packets, and that is STILL the same idea. Okay, so you're doing it to monitor your network.. but still.. you are reading stuff that isn't yours. I know that's kind of harsh, but actually I understand the importance of monitoring your network, but still.. it still intercepts packets. I'm not saying it's wrong to do that either.. I think it's fine.. as long as it's your network. Let's not even get into someone else's network (hehe..).


It IS a SNIFFER. There is no need to justify it, but to me, it seems that's what they do..

Or then again.. maybe they have no idea as to how it works, what it can do and who 'else' uses them.. So as such they don't even know of the name 'sniffer' ..

What do you all think ?  Interested in a reply here..

Met
"My Terminal is my Soul"
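The first post describes the mechanism in one sentence: the NIC is put into promiscuous mode, so frames not addressed to the interface are passed up instead of being dropped by the hardware destination filter. The following Python example is added here and is not code from the thread or from any tool it mentions. It builds three constructed Ethernet/IPv4 frames in memory (the local MAC, the other addresses and the payloads are all made up), parses the Ethernet and IP headers, and models the destination filter so you can see exactly which frames a normal interface delivers and which ones only a promiscuous capture would show. Nothing here touches a real interface; it is a parser over sample bytes.

```python
import struct

# Constructed sample values: assumed MAC of the interface doing the capture.
LOCAL_MAC = "00:11:22:33:44:55"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left at zero since this is sample data."""
    total_len = 20 + payload_len
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )


def build_frame(dst_mac: str, src_mac: str, ip_src: str, ip_dst: str,
                proto: int, payload: bytes) -> bytes:
    """Ethernet II header + IPv4 header + payload, as raw bytes."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ipv4_header(ip_src, ip_dst, proto, len(payload)) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4, the IP header and payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        (ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum,
         ip_src, ip_dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
        ihl = (ver_ihl & 0x0F) * 4          # header length in bytes (options allowed)
        info.update({
            "ip_src": ".".join(map(str, ip_src)),
            "ip_dst": ".".join(map(str, ip_dst)),
            "proto": proto,
            "payload": frame[14 + ihl:14 + total_len],
        })
    return info


def nic_accepts(info: dict, local_mac: str = LOCAL_MAC, promiscuous: bool = False) -> bool:
    """Model of the hardware destination filter.

    Without promiscuous mode the card only passes frames whose destination is
    its own unicast address or broadcast (multicast groups omitted for brevity).
    With promiscuous mode every frame on the wire is handed to the host.
    """
    if promiscuous:
        return True
    return info["dst_mac"] in (local_mac, BROADCAST_MAC)


# Constructed traffic: one frame to us, one broadcast, one between two other hosts.
SAMPLE_FRAMES = [
    build_frame(LOCAL_MAC, "aa:bb:cc:dd:ee:01", "10.0.0.7", "10.0.0.5", 6, b"hello from 10.0.0.7"),
    build_frame(BROADCAST_MAC, "aa:bb:cc:dd:ee:02", "10.0.0.9", "10.0.0.255", 17, b"who-has"),
    build_frame("aa:bb:cc:dd:ee:03", "aa:bb:cc:dd:ee:04", "10.0.0.3", "10.0.0.4", 6, b"not for us"),
]


def capture(frames, promiscuous: bool) -> list:
    """Return the decoded frames a capture on this interface would see."""
    seen = []
    for raw in frames:
        info = parse_frame(raw)
        if nic_accepts(info, promiscuous=promiscuous):
            seen.append(info)
    return seen


if __name__ == "__main__":
    for mode in (False, True):
        print(f"promiscuous={mode}:")
        for f in capture(SAMPLE_FRAMES, mode):
            print(f"  {f['src_mac']} -> {f['dst_mac']}  {f['ip_src']} -> {f['ip_dst']}  {f['payload']!r}")
```

Running it prints two frames for the normal interface and all three once promiscuous mode is on; the third frame, addressed between two other hosts, is the one that makes the difference. On a switched segment the switch usually only forwards that third frame to the port it belongs to, so a promiscuous interface sees it only on a hub, a mirror/SPAN port, or when the switch floods; this is also why plaintext payloads like the sample above are the real risk and why encryption on the wire matters more than which name the tool goes by.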

Packet analyzer!  Try and explain to the non-tech what a sniffer is and they melt down.  But use the term "Packet analyzer" and they last a bit longer before they start playing with their beer bottle caps.

If I HAD a cool job in IT then I would be careful to use terms that are somewhat more understandable to the boss (if he's not in the know)
I guess it all depends on who you're talking to....

By the way, has anyone used ethereal before?  As far as I know it's a packet analyzer (aka: sniffer, whatever)  I have used this to analyze my network traffic between my two (yes I know only two is lame) computers.  And as it turns out I was able to diagnose that I have a routing problem.

I use ethereal frequently. And I call it both a packet sniffer and analyzer depending on who I'm talking to. I don't really make it out to be such a big deal. Mostly it just depends on who I'm having the conversation with. **shrugs**

Basically just two different terms used by two different sets of individuals. I think the differential is what the same tool is used for. People who are trying to troubleshoot a network problem will use it as a "network analyzer" whereas someone trying to use it just for sniffing packets containing data such as passwords for illegal breach of security, would call it a sniffer... ("You say tomato...")
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101
