A sniffer is a program that monitors and analyzes network traffic.
Questions tagged [sniffing]
176 questions
50
votes
2 answers
Why is it possible to sniff an HTTPS / SSL request?
I'm new to the realm of HTTP requests and security and all that good stuff, but from what I've read, if you want your requests and responses encrypted, use HTTPS and SSL, and you'll be good. Someone in a previous question posted a link to this app…
bitmoe
- 601
- 1
- 6
- 3
28
votes
3 answers
Firebug appears to be decrypting SSL traffic: is it the correct behaviour?
In my company we were writing a small web application which would be hosted and tested under HSTS protocol.
One of my tester complained that the username and password can be seen in cleartext so it is insecure. I replied that due to HSTS…
BlueBerry - Vignesh4303
- 5,107
- 13
- 34
- 63
24
votes
2 answers
Is telnet secure through SSH tunneling
Firstly sorry, maybe dumb question, but I have one service running on my server which can be operated only by telnet (port 23), but I know that telnet is insecure, so I blocked port 23 in iptables except loopback interface (to be not accessible from…
tomsk
- 389
- 2
- 8
24
votes
3 answers
How to deal with WPE users
I own a chat room and some users use a program Winsock Packet Editor, "WPE PRO".
With it they manage to bypass chat rules, like they can't be muted or kicked, and they can send messages fast bypassing the limit of the chat.
I was wondering if there…
Salim Aljayousi
- 373
- 2
- 3
14
votes
6 answers
How can a user defend against session hijacking?
Given a website with various security flaws, one of them is session hijacking, session token continuously being sent as an argument over unsecured HTTP. In my field it's not surprising that others sniff networks I use, so I contacted the owner of…
Rápli András
- 2,124
- 11
- 24
12
votes
4 answers
Eavesdropping vs. sniffing
I'm taking a coursera course, and they take pains when talking about network security to distinguish between eavesdropping and sniffing.
According to their definitions, sniffing involves reading or monitoring whole packets, whereas eavesdropping…
fox
- 243
- 2
- 6
12
votes
4 answers
Can someone use WiFi snooping to see data I send through Tor Browser when I'm not using SSL?
(NOTE: I've read other similar questions, but I'm not at all certain about this, therefore I'm asking.)
I travel a lot, and I generally use public WiFi spots and hotels/hostels/boarding houses etc. access points.
I'm a reporter. Sometimes I send my…
victor
- 121
- 1
- 3
10
votes
3 answers
Can network traffic between Docker containers be sniffed?
On normal networks, it is a security risk to send plaintext data, since attackers can sniff or even manipulate all traffic. Encryption is required for secure communication. When using Docker containers, these can be connected together using virtual…
Sjoerd
- 28,707
- 12
- 74
- 102
9
votes
1 answer
Hacking/Sniffing/recording GSM like Karsten Nohl
For a course at college, I wanted to reproduce the attack on GSM shown in this video by Karsten Nohl: https://www.youtube.com/watch?v=0hjn-BP8nro.
From what I understand he used an USRP radio to record the data. Those devices all cost starting at…
populus
- 91
- 2
7
votes
2 answers
Is promiscuous mode sufficient to sniff packets in a wifi network?
I'm connected to my WiFi network and I want to capture and analyze packets that other clients are exchanging with the gateway. I don't want to modify the content of these packets and I don't need to read the content of every packet.
Actually, the…
user113574
6
votes
2 answers
Sniffing unencrypted traffic in datacenter
Please explain how is it possible to sniff packets from within the datacenter.
Some background. I am studying networking options for DigitalOcean. My goal is to make sure that data exchange between hosts is secure as it may be sensitive. I read…
Juriy
- 163
- 5
6
votes
1 answer
Sniffing WhatsApp Traffic
I was wondering if its possible to obtain private keys for Whatsapp to be able to sniff traffic between two WhatsApp Android devices (both under my control). I understand that WhatsApp traffic is now end-to-end-encrypted, and I have read their…
QPTR
- 257
- 2
- 7
6
votes
2 answers
Server-side man-in-the-middle/eavesdropping: attacks between two servers using unencrypted HTTP
I’m new to security, and I’m wondering how man-in-the-middle and eavesdropping attacks between web servers work, rather than between personal devices and servers.
Most questions I see here about man-in-the-middle attacks seem to involve a personal…
user3842252
- 105
- 6
5
votes
1 answer
Are there any products/techniques for low-effort DSL sniffing?
Inspired by the "can my neighbour listen to my phonecalls" question, I'd like to ask what would be required for an attacker to snoop on an ADSL connection given physical access to the wire (so, "linesman's handset" or "Beige box" style).
Obviously,…
randomdude
- 827
- 1
- 7
- 12
5
votes
3 answers
What are the advantages and disadvantages of using a HackRF One compared to specific protocol sniffers?
I am performing some research on IoT test tools and came across the HackRF One which can transmit and receive from 1 MHz to 6 GHz. I therefore think that it can analyze many protocols, but I cannot find a list of them anywhere. Can it for example…
Maikkeyy
- 187
- 7