Packet Sniffing


When you connect to the Internet, you are joining a network maintained by your Internet service provider (ISP). The ISP’s network communicates with networks maintained by other ISPs to form the basis of the Internet. Packet sniffers are computer programs or hardware that can intercept and log data streams over these digital network. They are installed with and without the knowledge and cooperation of communications companies. Normally computers only look at packets addressed to them. But when a packet sniffer is set up, the network interface is set to promiscuous mode and has access to everything in the network. Packet sniffers can either record the entire contents of packets or only headers, which, like the writing on envelopes, considered to be public information. Since 1986, the Electronic Communications Privacy Act (ECPA) has protected email, pagers, and cell phone calls from warrantless wiretapping. Packet sniffers can be filtered to only intercept packages containing a keyword, or coming to and from a specific individual. The FBI’s Carnivore system of packet sniffing software uses elaborate content models to establish its filtering criteria. When the Electronic Frontier Foundation and Electronic Privacy Information Center approached Congress about the dangers of Carnivore, the FBI released a statement arguing that Carnivore has the unique ability to distinguish between communications which may be lawfully intercepted and those which may not. They specifically clarified that Carnivore cannot search through the contents of users messages and collect those that contain certain key words like “bomb” or “drugs,” but target individuals deemed outside the law (Kerr). Today packet sniffing is conducted almost entirely on fiber optics.

"Internet and Data Interception Capabilities Developed by the FBI, Statement for the Record, U.S. House of Representatives, the Committee on the Judiciary, Subcommittee on the Constitution, 07/24/2000, Laboratory Division Assistant Director Dr. Donald M. Kerr"