Packet Sniffing
Wireshark is a free open source packet sniffing utility. In extremely simple terms, packet sniffing is the act of looking at network packets that your computer can see. If you are using WiFi to connect to the internet, this can easily include packets that weren’t meant to be yours (e.g. you see other users’ data). Usually, the way that your ethernet connection is wired prevents you from seeing other users’ packets.
I started sniffing around for fun today and I made some disturbing discoveries that shouldn’t have surprised me. First, I noticed that my POP3 (Post Office Protocol; POP3 is the predominant email protocol) accounts are not authenticating securely. I was able to easily pull my username and password out of the network packets, as well as any email information that was sent or received. A few quick settings changes and I’m now sending and receiving email securely.
I also found out that the AIM protocol is not encrypted either. You can clearly see the message below that I sent to my friend. (Click to see the whole window)
If I get on a WiFi network, I should be able to see other people’s messages. I’m interested to see how many people out there are using no encryption or weak encryption (base64).
October 6th, 2008 at 2:51 am
If you’re concerned about your IM traffic, there’s a plugin for Pidgin (Pidgin-Encryption) that allows secure IM communication. I had a similar epiphany about 8 months ago, and had a little fun with it as you did ;-).
October 6th, 2008 at 8:59 am
Dan,
Thanks for the tip. I will definitely get the plugin. (Yes, I’m using Pidgin even though I’m on XP currently.. haven’t had time to bring my Gentoo partition up to speed)