CEH


212 Chapter 9 ■ Sniffers


How successful a sniffer is depends on the relative and inherent insecurity of certain
network protocols. Protocols such as the tried-and-true TCP/IP were never designed with
security in mind and therefore offer little in this area. Several protocols lend
themselves to easy sniffing:

Telnet/rlogin: Keystrokes, including usernames and passwords, can be easily sniffed.

HTTP: Designed to send information in the clear without any protection, and thus a good
target for sniffing.

Simple Mail Transfer Protocol (SMTP): Commonly used in the transfer of e-mail, this
protocol is efficient, but it does not include any protection against sniffing.

Network News Transfer Protocol (NNTP): All communication, including passwords and
data, is sent in the clear.

Post Office Protocol (POP): Designed to retrieve e-mail from servers, this protocol does not
include protection against sniffing, so passwords and usernames can be intercepted.

File Transfer Protocol (FTP): A protocol designed to send and receive files; all
transmissions are sent in the clear.

Internet Message Access Protocol (IMAP): Similar to SMTP in function and lack of
protection.
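
An added example (not from the book): a defender-side audit that takes reassembled client-to-server stream bytes, flags the lines where a secret crossed the wire in the clear for the protocols listed above, and returns a redacted copy that can be shared safely. The port map, the function name and the sample streams are assumptions made for illustration; Telnet is flagged by port only, since it has no command grammar to match.

```python
import re

# Well-known ports for the cleartext protocols listed above (IANA assignments).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
                   110: "POP", 119: "NNTP", 143: "IMAP"}

# Per-protocol commands that carry a secret; group 1 is the part to keep,
# group 2 is the secret, which must never appear in a report.
SECRET_CMDS = {
    "FTP":  re.compile(rb"^(PASS )(.+)$", re.I),
    "POP":  re.compile(rb"^(PASS )(.+)$", re.I),
    "IMAP": re.compile(rb"^(\S+ LOGIN \S+ )(.+)$", re.I),
    "SMTP": re.compile(rb"^(AUTH PLAIN )(.+)$", re.I),
    "NNTP": re.compile(rb"^(AUTHINFO PASS )(.+)$", re.I),
    "HTTP": re.compile(rb"^(Authorization: Basic )(.+)$", re.I),
}

def audit_stream(dst_port, payload):
    """Return (protocol, findings, redacted_payload) for one client->server stream.

    findings lists the 1-based line numbers where a secret was sent in the
    clear; protocol is None when the port is not a known cleartext service.
    """
    proto = CLEARTEXT_PORTS.get(dst_port)
    if proto is None:
        return None, [], payload
    pattern = SECRET_CMDS.get(proto)  # None for Telnet: flagged by port only
    findings, out = [], []
    for n, line in enumerate(payload.split(b"\r\n"), start=1):
        m = pattern.match(line) if pattern else None
        if m:
            findings.append(n)
            line = m.group(1) + b"[REDACTED]"
        out.append(line)
    return proto, findings, b"\r\n".join(out)

# Constructed sample streams (not real traffic): (destination port, client bytes).
SAMPLES = [
    (21,  b"USER alice\r\nPASS hunter2\r\nLIST\r\n"),
    (143, b"a1 LOGIN alice s3cret\r\na2 SELECT INBOX\r\n"),
    (80,  b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"Authorization: Basic YWxpY2U6cHc=\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\x05hello"),  # not a listed cleartext port
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, *audit_stream(port, data))
```
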

Using a Sniffer


We touched on some of the basics of using a sniffer in the previous section, but now let’s get
down and dirty. Quite a few sniffer builds are available that perform nearly identical
functions. The real advantage of one over another lies in how robustly the
sniffer displays the data and what options are available to help you digest and dissect it.

Law Enforcement Agencies and Sniffing

Lawful interception (LI) is defined as legally sanctioned access to communications
network data such as telephone calls or e-mail messages. LI must always be in pursuance
of a lawful authority for the purpose of analysis or evidence. Therefore, LI is a security
process in which a network operator or service provider gives law enforcement officials
permission to access private communications of individuals or organizations. Almost
all countries have drafted and enacted laws to regulate lawful interception procedures;
standardization groups are creating LI technology specifications. Usually, LI activities are
taken for the purpose of infrastructure protection and cyber security. However, operators
of private network infrastructures can maintain LI capabilities within their own networks
as an inherent right, unless otherwise prohibited. LI was formerly known as wiretapping
and has existed since the inception of electronic communications.