Packet sniffing question

Anyone know if you can find out if your packets of data are being sniffed over your WiFi connection?

I know to overcome it a VPN can be used so they can't see what data is sent from your device. But I wanna know if you can find out if someone is actually doing it and also pinpoint the device?
 
No, by definition, you’re broadcasting signals in the air that anyone can pick up, record and analyse at their leisure. A packet sniffer can be completely passive and just record the data being transmitted. As such, you can’t detect it other than by physical search.

And no, a VPN won’t overcome a packet sniffer because the VPN traffic either starts at the router or the VPN traffic with the keys is being sniffed. What encryption are you using? WPA? WPA2? WLAN is fairly difficult to extract data from.

If you are up against someone who is sufficiently sophisticated that they’re using a packet sniffer, then dump the WLAN and get on a cable. Or, better yet, stop doing whatever it is you’re concerned about being intercepted.
 
A VPN using SSL will be enough to stop the person actually seeing the data right?
 
No. All a VPN does is establish a link from your start point (usually your router WAN IP address but it could be your PC) to another remote IP address. What passes down that tunnel is encrypted but if an attacker has access to your wireless LAN then they can probably get access to those encryption keys. You can use an anonymizing service so the people looking at your IP address can't see what websites you visited but if they are pulling your data from inside your own wireless network then (assuming they had the encryption keys for your Wireless LAN) they could see all your traffic, and what comes back because once they are inside your wireless LAN they can see everything before and after the VPN connection.

Can I ask what it is you're worried about? The sort of exploit you're talking about is fairly difficult to pull off. Like NSA/GCHQ/Fancy Bears/Lazarus Team difficult.
 
A VPN can very much stop anyone decrypting the traffic between you and a 3rd party even if the sniffing starts before the connection has started. If you take a protocol like WireGuard, for instance, the keys are never transmitted during traffic; they are preshared, so your private key never leaves your computer/phone and thus cannot be intercepted at any point. I believe other VPNs are similarly protected from just listening to the start of the conversation, but I don't know enough to give examples, but it would be a pretty bad system if the keys were just sent in plain text and then everything after is sent encrypted.
 
Yes thought as much, will get them to format their hard drive and reinstall Windows 10 with a VPN. Also change the WiFi password to something super hard and also ensure he's using WPA PSK2. Thanks for the advice
 
A VPN can very much stop anyone decrypting the traffic between you and a 3rd party even if the sniffing starts before the connection has started. If you take a protocol like WireGuard, for instance, the keys are never transmitted during traffic; they are preshared, so your private key never leaves your computer/phone and thus cannot be intercepted at any point. I believe other VPNs are similarly protected from just listening to the start of the conversation, but I don't know enough to give examples, but it would be a pretty bad system if the keys were just sent in plain text and then everything after is sent encrypted.
This
 
Yes thought as much, will get them to format their hard drive and reinstall Windows 10 with a VPN. Also change the WiFi password to something super hard and also ensure he's using WPA PSK2. Thanks for the advice

Lol. If a machine has been breached as you describe, throw the hard drive away after doing a complete secure erase and then burn it in a decently hot incinerator and get a new PC. Check all the peripherals for signs of interference - and if it was me - and I genuinely thought some really decent black-hats were after me, I’d just buy everything new. The pen kit now is so sophisticated you’d never know you were being watched.

Oh, and even if the WiFi password has been made super-duper-hard, unless you disable the WPS button anyone can get the key. WiFi is crap for security.
 