Tuesday, June 12, 2007

So what is your friend browsing

Curiosity is a good thing. It makes a creature question the how, why and what of its surroundings and, as a result, increases awareness and understanding.

So how many times have you wondered what your friend sitting across the couch (or in his room) is doing with his head buried in his laptop?

This is intended to be just an experiment and not to invade someone else's personal space. I wanted to prove to myself that this is something simple to accomplish. Organizations do this all the time but they have more resources, equipment and money.

So I embarked on my research and a possible implementation.

I figured that a network protocol analyzer and a little tweaking on the router should do it for me. And the right software turned out to be Wireshark (formerly known as Ethereal). The best part is Wireshark is free.

The fundamental thing that needs to happen to capture packets that are not addressed to your NIC is to run it in promiscuous mode or monitor mode. And not all cards support this feature. Luckily my LAN Adapter supported promiscuous mode.

When I put my NIC into promiscuous mode, I wasn't seeing any packets not addressed to me. Strange, I thought.

Researched again and found out all routers are by default switched. What that means is that, to improve network efficiency (prevent collisions), the router sends only the traffic that is addressed to you on your CAT5 cable. So the router also acts as a filter, and to be able to do anything, you will have to capture traffic before it passes to your router (between your cable modem and router).

I then thought, "How about my wireless network? By its very nature, it should be amenable to promiscuous capture."

Tried that and no luck there as well since my Wireless NIC did not support promiscuous mode.

Hmm... so much for my sniffing experiment. But I was adamant to get this thing working.

Again researched...and the answer turned out to be the good old Ethernet Hub.

Hubs were the norm once upon a time when switches were still expensive. A Hub is basically a repeater and any packet entering any port is broadcast out on every other port (every port other than the port of entry).
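The difference between the two devices, as a small simulation. This is an added example, not part of the original post; it simplifies the setup to one device with three ports, and the class names, port numbers and MAC addresses are made up for illustration.

```python
# Added illustration: toy models of a hub and a learning switch.
# Class names, port numbers and MAC strings are constructed for this example.

class Hub:
    """Repeater: every frame goes out on every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Learns which port each source MAC lives on and forwards unicast only there."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn/refresh the sender's port
        out = self.mac_table.get(dst)
        if dst == self.BROADCAST or out is None:
            # broadcast or not-yet-learned destination: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def frames_seen_on(device, traffic, tap_port):
    """Return the frames a promiscuous NIC on tap_port would receive."""
    return [f for f in traffic if tap_port in device.forward(*f)]


# Constructed traffic: (ingress port, source MAC, destination MAC).
# Port 1 = router, port 2 = friend's laptop, port 3 = observer's laptop.
ROUTER, FRIEND = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
TRAFFIC = [
    (2, FRIEND, "ff:ff:ff:ff:ff:ff"),  # ARP-style broadcast from the friend
    (1, ROUTER, FRIEND),               # reply
    (2, FRIEND, ROUTER),               # web request
    (1, ROUTER, FRIEND),               # web response
]

if __name__ == "__main__":
    for dev in (Hub([1, 2, 3]), LearningSwitch([1, 2, 3])):
        seen = frames_seen_on(dev, TRAFFIC, tap_port=3)
        print(type(dev).__name__, "port 3 sees", len(seen), "of", len(TRAFFIC))
```

On the hub, port 3 receives all four frames; on the switch it receives only the initial broadcast, which is why a promiscuous NIC on a switched port sees almost nothing.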

"That's it! That's what I need to get going."

Turned out, it's not an easy thing to find a hub these days. No one sells them anymore. Circuit City, Micro Center, Staples, CompUSA, Fry's, Buy.com, JR.com, Amazon (new ones): nowhere.
At last I found one at Best Buy: a Dynex 4-port hub.

Armed with the hub, I started tweaking my home network again. The key is to plug your hub between the cable modem and the router. And run the LAN cable from one of the ports on the hub to your laptop.

...and voilà! It worked like a charm. The software was capturing all sorts of traffic (URLs) on the network.

Now, I was the God of my home network. I was seeing everything my friends were browsing. So much for their corner seat...

A few hours into the experiment, the network started showing sluggishness because of collision problems. Since hubs are unsophisticated broadcast devices, only one device can successfully transmit at a time and each host remains responsible for collision detection and retransmission. So I had to take the hub out.

In the end, I was happy to achieve what I set out to do and learnt a lot about networks and networking equipment in the process.

May my curiosity rest in peace now, until something else awakens it... AGAIN.
