Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords

Submit to del.icio.us | submit Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords to digg.com

digg it! | submit Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords to slashdot.com

Submit to Slashdot
Published on April 4th, 2007
Category: Hacks, Internet

Every time I help my dad with his computer he always has me look away as he cautiously and paranoically types his username and password. Then he jokes in a FOB-like voice, “You already know my password hah?” In reply, I always tell him that I don’t need to look at the keyboard to capture his login information. All I really need is a connection to his network.

Packet sniffing is an old, time-tested security penetration (aka hacking/cracking) technique. It is a passive attack that just involves listening in on the network and piecing together the “packets” of data to create an exploit. You can be listening in on anything from logins, credit card numbers, social security numbers, confidential emails, sensitive files, browser history, etc.

Today, the most commonly used network analyzing program is Ethereal. It’s open source and runs on most operating systems.

Home Penetration Test

Basically, after installing the program, you just click “Capture” and “Interfaces.” With my computer, I have the ubiquitous dial-up adapter, a VPN connection, a wireless network adapter, and an Ethernet interface.

Select the network interface that you want to “listen” with and see the packets start rolling. Press stop and you’ll be able to see the details.

I tested Etherreal with the common MySpace login. Guess what I found? I read my login in easy-to-read, unencrypted, exploitable plaintext! This was only on my closed home network. Imagine what would happen if you were to actually do this on a wireless network. Let’s take it a step further. Imagine what would happen if you transmitted your social security or credit card number on a public network! You might as well read those sensitive numbers on the radio!

Keep in touch for solutions on how to avoid packet sniffing in public places!

Subscribe to the freeware review by Email | book mark Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords in del.icio.us

Submit to del.icio.us | submit Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords to digg.com

digg it! | submit Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords to slashdot.com

Submit to Slashdot

Download this Program

This entry was posted on Wednesday, April 4th, 2007 at 1:43 pm and is filed under Hacks, Internet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Recently Posted

3 Responses to “Ethereal - Network Analyzer and Possible Packet Sniffer for Passwords”

Alan Strader Says:
July 8th, 2007 at 1:40 am
Ethereal is no longer in development. The author has left his previous employer who maintains the rights to the product and the name. The author and other contributers have since renamed the project to Wireshare. The protocol analyzer is still under active development as Wireshare. The new website is http://www.wireshark.org/
blogger Says:
July 8th, 2007 at 8:27 pm
Wow, I didn’t know. Thank you for the update!
17 yo Says:
November 8th, 2007 at 5:14 pm
When I started playing with packet sniffing I was surprised by this fact. However, for the last week or so, I’ve not been able to get the password (which now that I’ve captured my brother’s packets during log in is frustrating) So I’m wondering if its suddenly gone encrypted or so.

Blog Network

packet network password login paranoically passive tested jokes