Home >> Technology >> Stuff I Found in a Packet Sniff Over Coffee

Stuff I Found in a Packet Sniff Over Coffee

April 16, 2010 By 4 Comments

No, you really don’t want to know. Oh, nothing too bad or even extremely illegal, but as I was writing my last post—Hacking for good should be taught and encouraged—I was running a packet sniffer to make sure that my traffic was encrypted. Since I had the sniffer running in “promiscuous” mode, I caught everything going on over the network. Everything. Why? Well the coffee shop I was at (one I go to often, actually) has an open WiFi network. No WEP or WPA here, just open. Compare this to at home I have WPA running and doing a similar test (with a friend surfing on my network too), almost all the traffic was just mine. What wasn’t mine, didn’t have any usable info.

So to the folks at Waves, checking out MSNBC, Foxsports, Facebook, and downloading torrents … remember what you do at online on an unsecured WiFi is open to the world.

Filed Under: Technology Tagged With: , , ,
  • http://www.mainwriter.com Susan

    Wow. That’s pretty scary. What about if you are doing, say, online banking with a URL beginning with “https”? Still a no-no!

    • http://www.trishussey.com/ Tris Hussey

      Any HTTPS traffic is encrypted so you can’t get anything out of it…but some sites only encrypt part of the traffic. Like the person checking their Fido account and Yahoo Mail. The important stuff (usernames and passwords) wasn’t easily seen, but there was still a lot of info there.

      The lesson is … open WiFi is like ordering with your credit card while on speaker phone in the middle of the street. It’s not guaranteed that someone will pick up all your info, but you certainly aren’t helping matters.

  • http://www.mainwriter.com Susan

    Wow. That’s pretty scary. What about if you are doing, say, online banking with a URL beginning with “https”? Still a no-no!

    • http://www.trishussey.com/ Tris Hussey

      Any HTTPS traffic is encrypted so you can’t get anything out of it…but some sites only encrypt part of the traffic. Like the person checking their Fido account and Yahoo Mail. The important stuff (usernames and passwords) wasn’t easily seen, but there was still a lot of info there.

      The lesson is … open WiFi is like ordering with your credit card while on speaker phone in the middle of the street. It’s not guaranteed that someone will pick up all your info, but you certainly aren’t helping matters.

TrisHusseyDotCom is Stephen Fry proof thanks to caching by WP Super Cache