Radical Software

LCST 2234, Fall 2021 (CRN 9430)
Rory Solomon

Project 3, Tutorial 1: Getting started with packet sniffing

In last week's technical tutorial, we experimented with the ping command to test whether another host (another computer, a.k.a., another node) was active and connected to a reachable network — i.e., a network to which we could find a route from our computer.

We talked about how the ping command works by sending small packets. And we talked a bit about how a packet is a small chunk of data used to send a larger digital object. Packet-switched networking was a principle invented by Paul Baran at RAND Corporation in the mid-1960s. (It was concurrently and independently invented by Donald Davies, and there is sometimes some contention about who gets credit for the invention, although by my research, these two figures did not seem to have much animosity or spirit of competition between them.)

Packet-switching is the principle by which all digital networks work today. Digital objects are broken down into these small chunks of data, and the packets are sent out along a network, perhaps finding different routes between sender and receiver.

We can use the traceroute command (or tracert on Windows) to try to determine a route from our computer to a different one.

These routes help illustrate how the internet really is a "network of networks." Each of our computers is always connected to a small network of other computers near us, usually called a subnet, or a local-area network (or LAN).

Today we're going to do some experiments with local-area networks and packet sniffing.
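
To make concrete what a sniffer such as tcpdump decodes from each packet it sees, here is an added example (not part of the original tutorial) that parses one ping packet in Python and checks its checksums. The sample bytes, addresses, and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample: one ICMP echo request ("ping") from 192.168.1.10 to
# 192.168.1.1, starting at the IPv4 header (no Ethernet framing).
SAMPLE_PING = bytes.fromhex(
    "4500001c000100004001f784c0a8010ac0a80101"  # 20-byte IPv4 header
    "0800e5ca12340001"                          # 8-byte ICMP echo request
)

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 over data that includes a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_icmp(packet: bytes) -> dict:
    """Decode the fields a sniffer shows for an IPv4 packet carrying ICMP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 packet")
    info = {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "ttl": ttl, "protocol": proto, "length": total_len,
        "ip_checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }
    body = packet[header_len:total_len]
    if proto == 1 and len(body) >= 8:  # protocol number 1 = ICMP
        icmp_type, code, _c, ident, seq = struct.unpack("!BBHHH", body[:8])
        info.update(icmp_type=icmp_type, icmp_code=code, icmp_id=ident,
                    icmp_seq=seq,
                    icmp_checksum_ok=internet_checksum(body) == 0)
    return info

if __name__ == "__main__":
    print(parse_ipv4_icmp(SAMPLE_PING))
    # One header byte altered without updating the checksum: no longer verifies.
    damaged = SAMPLE_PING[:8] + b"\x3f" + SAMPLE_PING[9:]
    print(parse_ipv4_icmp(damaged)["ip_checksum_ok"])
```

ICMP type 8 is an echo request; the reply from the other host comes back as type 0 with the same id and sequence number.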

Packet sniffing

tcpdump. This is a command line tool that comes built into all Unix-based command line environments (Mac and Linux). On Windows you can download and install TCPDUMP for Windows, or

Herbivore. By Surya Mattu and Jen Kagan.

Herbivore is meant to be a more friendly interface to view output similar to tcpdump.

Mattu and Kagan gave a presentation about it at the Radical Networks event.

Some additional information about it is available here, hosted by eyebeam.org.

Herbivore is an open source project, meaning you can download, compile, and install the code yourself, and modify it if you wish. The project homepage, with documentation and screenshots, is on GitHub.

You can also simply download a release: a pre-compiled application that is ready to install and run: available here for Mac.

I tried downloading, installing, and running the pre-built release, but was not able to have any success getting it to work. Perhaps you will have more luck. Surya lives in NYC and is currently actively involved in similar projects, so I think he probably would be responsive to any inquiries about why this is not currently working.

Wireshark.

Carnivore. A tool by Alex Galloway's Radical Software Group. Project homepage.

The FAQ is a useful bit of information for learning and thinking about networks.

Here is an article in Wired magazine about the piece: Turning Snooping into Art (from 2002!)

This project is quite old at this point. You can read a fairly recent statement on its status here: Carnivore — An update.