LinuxQuestions.org
Old 05-19-2006, 06:14 AM   #1
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Rep: Reputation: 15
What can sniffers see?


As you know, ISPs can easily see what you do on the internet, chat, passwords, blah blah... by sniffer programs.

I want to know what sniffer programs can see exactly when I am connected to the internet.

Is there any program to sniff my own internet, to see what the ISP can see?
 
Old 05-19-2006, 07:53 AM   #2
IBall
Senior Member
 
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088

Rep: Reputation: 62
Check out Ethereal.

It may already be installed on your computer, or you may need to install it with your distro package manager. What distro are you using?

I hope this helps
--Ian
 
Old 05-19-2006, 07:58 AM   #3
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Original Poster
Rep: Reputation: 15
I use Ubuntu, Breezy.

Is Ethereal a sniffer? I want to be sure what the ISPs can see of me.

And for example when I use TOR, I want to see if it works... and if it really prevents sniffers seeing my data.
 
Old 05-19-2006, 08:04 AM   #4
IBall
Senior Member
 
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088

Rep: Reputation: 62
I don't know about stopping sniffers. I don't think that an ISP would spend a great deal of time inspecting what you do on the net; there would be 10's of 1000's of packets going through their servers every day. So they won't inspect your packets unless they suspect that you are up to something - have you got something to hide?

Install Ethereal using Synaptic. You will need to enable the "Universe" repository if you haven't already done so. Ethereal allows you to inspect the contents of every packet crossing an interface (eth0).

Another packet sniffer is Snort - you can also install this using synaptic.

I hope this helps
--Ian
 
Old 05-19-2006, 08:12 AM   #5
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Original Poster
Rep: Reputation: 15
Well, not every place is like Australia!
 
Old 05-19-2006, 10:58 AM   #6
extendedping
Member
 
Registered: Feb 2004
Posts: 210

Rep: Reputation: 30
I just asked my dog and you don't want to know what he told me...
 
Old 05-19-2006, 01:42 PM   #7
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
Your ISP can see EVERYTHING you transmit - up or down. Whether they'd be interested in any of this is a different matter. Probably not, without some law enforcement request. Or a congressional mandate like this:

http://news.com.com/2100-1028_3-6072...2601&subj=news

If you're concerned, use encryption. A vpn, ssl, ssh, gpg, etc. Assure that your remote endpoint - where your data is decrypted - is secure and free from compromise. Your ISP can still see your data, but they will not understand it if it's securely encrypted (unless your ISP is the NSA, then all bets are off). However, they can generally determine your endpoint, although there are things that can be done to hide this somewhat. If you're REALLY concerned, don't use the Internet.
 
Old 05-19-2006, 03:23 PM   #8
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by haertig
If you're concerned, use encryption. A vpn, ssl, ssh, gpg, etc.
I use some sites in SSL mode (https://). What I need is a program to see what the ISP can see when I surf an HTTPS site...

Do you have any idea? I know Ethereal but I didn't see anything special, it had just the destination IP; for example I couldn't see what I am sending in chat.
Is there any way to see what my ISP can see of me?

By the way, what are VPN and GPG?

I am living outside the US. If I buy a hosting server in the US, is there any software to install on the server so I can surf the internet encrypted here? (I don't care if the US server can see my data, but not my ISP.)

Any help would be appreciated.
 
Old 05-19-2006, 03:53 PM   #9
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
I've used ethereal to check traffic here - it does capture the data as well as the header information. The short answer is that your ISP cannot see what you're doing when you go to a https site, but they can when you go to a http site (or do anything that's unencrypted).
 
Old 05-19-2006, 03:57 PM   #10
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Original Poster
Rep: Reputation: 15
The site which I use has a free SSL cert (there are free SSL certs...), so I worry that it won't work.
In Ethereal I can just see IPs; for example when I go to linuxquestions.com I just see its IP, not the things that I am posting here.
 
Old 05-19-2006, 04:02 PM   #11
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
If it's SSL, it should be encrypted, whether it's free or not. Have you tried running ethereal with root privileges (sudo ethereal)? That should show all of the data traffic.
 
Old 05-19-2006, 05:27 PM   #12
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
Quote:
Originally Posted by medya
I use some sites in SSL mode (https://) what I need is a program to see what the ISP can see when I surf a httpS site ...
Nothing except the IP address of where you're connected to ... everything else is encrypted data. It's encrypted at your personal PC, and decrypted at your endpoint. Anybody in the middle - including your ISP - sees what looks like random garbage.

Quote:
by the way what are VPN and GPG ?
VPN = "Virtual Private Network". This is encrypted communication between two endpoints. The endpoints may be individual computers, or entire networks. These are generally set up by businesses.

"GPG" = "Gnu Privacy Guard", which is basically a free implementation of PGP ("Pretty Good Privacy"). GPG/PGP can be used to encrypt individual files that you then transfer to somebody else to decrypt. GPG/PGP is not designed to encrypt a "communications pathway" in the manner that VPN, SSH, or SSL can. I think PGP may have moved forwards in this area, but I'm not sure.

You didn't ask for other definitions, but here they are anyway:

SSH = "Secure Shell". It is used mostly in the Linux/Unix world, but has shown up in Windows ("Putty" is a Windows SSH client). SSH is designed for computer to computer encrypted communication, much like VPN. However, SSH cannot connect "network to network" like VPN can. But you can mostly get that effect by configuring "tunneling" (a.k.a. "port forwarding") with SSH.

SSL is also encrypted and is somewhat between VPN and SSH in my opinion. It stands for "Secure Sockets Layer". SSL is being replaced by "TLS" ("Transport-Layer Security"). TLS is just the next generation of SSL, but they decided to rename it for some reason. You may also run into something named "stunnel". This is simply SSL, installed in a slightly different way on the server. You, as the client, cannot tell an stunnel implementation of SSL from a native SSL implementation.

None of these different things is any better encrypted than the other. The differences are in functionality, not quality of encryption.

Quote:
I am living outside the US. If I buy a hosting server in the US, is there any software to install on the server so I can surf the internet encrypted here? (I don't care if the US server can see my data, but not my ISP.)
Yes. This is easy to do. Easiest if you get yourself a Linux-based system on the US side. You set up an SSH server on the US side (probably present on any Linux distro these days), then install a proxy (the most well known in the Linux world is "Squid"). Now on your non-US local side of the connection, you simply set up an SSH tunnel (port forwarding) from your local system to Squid's port on the US system. Tell your browser to use your local end of the tunnel as a proxy and you're all set. All websurfing traffic is encrypted on your local PC and not decrypted until it hits your US server. Anybody snooping on your connection would not be able to interpret it. Nor would they be able to tell what websites you were surfing to. Only that you were connected from your local PC to your US server, using encryption of some sort.

Last edited by haertig; 05-19-2006 at 05:30 PM.
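
To make the answers above concrete (plain HTTP is fully readable, HTTPS content is not, and an SSH tunnel shows only an encrypted session to the server), here is an added example, not written by any poster in this thread, that reports what a passive observer can read from the first bytes of a connection. The payloads, the host name `forum.example` and the function names are constructed for illustration; it goes slightly beyond the thread by showing that a TLS ClientHello normally carries the site's host name (SNI) in cleartext.

```python
import struct

# Constructed sample payloads (not real captures): the first bytes a client sends.
HTTP_POST = (b"POST /login HTTP/1.1\r\nHost: forum.example\r\n"
             b"Content-Length: 27\r\n\r\nuser=alice&password=hunter2")
TLS_DATA = b"\x17\x03\x03\x00\x20" + bytes(range(32))   # stand-in ciphertext
SSH_HELLO = b"SSH-2.0-OpenSSH_9.6\r\n"

def build_client_hello(host):
    """Minimal TLS ClientHello whose only extension is server_name (SNI)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_hostname(rec):
    """Walk a ClientHello record and return the cleartext SNI name, if any."""
    u = lambda a, n: int.from_bytes(rec[a:a + n], "big")   # bounds-safe read
    if u(5, 1) != 1:                          # handshake type is not ClientHello
        return None
    p = 5 + 4 + 2 + 32                        # record hdr, handshake hdr, version, random
    p += 1 + u(p, 1)                          # session id
    p += 2 + u(p, 2)                          # cipher suites
    p += 1 + u(p, 1)                          # compression methods
    end = min(len(rec), p + 2 + u(p, 2))      # end of the extensions block
    p += 2
    while p + 4 <= end:
        etype, elen = u(p, 2), u(p + 2, 2)
        if etype == 0:                        # server_name extension
            return rec[p + 9:p + 9 + u(p + 7, 2)].decode("ascii", "replace")
        p += 4 + elen
    return None

def observer_view(payload):
    """Return (protocol, text a passive on-path observer can read)."""
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http", payload.decode("latin-1")          # headers and body, all of it
    if payload[:2] == b"\x16\x03":
        return "tls-handshake", sni_hostname(payload)     # site name only
    if payload[:2] == b"\x17\x03":
        return "tls-data", None                           # ciphertext; only its size leaks
    if payload.startswith(b"SSH-"):
        return "ssh", payload.split(b"\r\n")[0].decode()  # version banner, then ciphertext
    return "unknown", None

if __name__ == "__main__":
    for p in (HTTP_POST, build_client_hello("forum.example"), TLS_DATA, SSH_HELLO):
        print(observer_view(p))
```

Through an SSH tunnel to a proxy, the observer's view is the `ssh` case only: the connection to the server and its banner, with no site names or page content.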
 
Old 05-20-2006, 10:03 AM   #13
medya
Member
 
Registered: Sep 2005
Distribution: Ubuntu
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Yes. This is easy to do. Easiest if you get yourself a Linux-based system on the US side. You set up an SSH server on the US side (probably present on any Linux distro these days), then install a proxy (the most well known in the Linux world is "Squid"). Now on your non-US local side of the connection, you simply set up an SSH tunnel (port forwarding) from your local system to Squid's port on the US system. Tell your browser to use your local end of the tunnel as a proxy and you're all set. All websurfing traffic is encrypted on your local PC and not decrypted until it hits your US server. Anybody snooping on your connection would not be able to interpret it. Nor would they be able to tell what websites you were surfing to. Only that you were connected from your local PC to your US server, using encryption of some sort.
OK guy, I bought a VPS hosting (and I have root access to its Linux).
Now should I tell my hosting admin to install "Squid" for me? And then after that should I enter an IP or something in my browser?

Can you explain more to me?
 
Old 05-20-2006, 11:59 PM   #14
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
Quote:
Originally Posted by medya
Can you explain more to me?
There are tons of tutorials on this available on the web. So rather than reinvent the wheel, I'll just point you to some of them. I'm sure they say it better than I could:

http://www.howtoforge.com/linux_secure_browsing_squid
http://www.pantz.org/os/openbsd/squidsetup.shtml

There are lots more. Just go to Google and enter "ssh tunnel squid"
 
  


All times are GMT -5. The time now is 03:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration