How to know what others browse through the network?

  • My friend connected to WIFI and after 5 minutes he told me which sites I had actually been browsing, and who I chat with.

    My question is: how do I defend myself against this, and also how did he do this?

    It's a good question to have here, but... why not ask your friend too?

  • Philipp (Correct answer)

    6 years ago

    In a WiFi network, all information which is sent over the network is broadcast over the air. Usually network interfaces are configured to just ignore any network traffic not addressed to them, but there are tools available which change them to "promiscuous mode" which allows them to also log and show any traffic which they receive even though it is directed at other network participants. Although WiFi networks are usually encrypted nowadays, the key is shared between all participants, so any network participant can eavesdrop on the traffic of everyone else.

    The only defense against this is end-to-end encryption.

    For casual web browsing, you should try to always use the https:// version of a website. That way a sniffer on your WiFi network will only learn the domain you browse, but not which specific URL, what you read there and what you send there. When someone would eavesdrop on you right now, they would learn that you made a TLS handshake with but not that the exact URL you view is and what you are currently reading here. Should you choose to comment on this, that outgoing message would also be encrypted. I recommend the browser extension HTTPS Everywhere which makes your web browser prefer https over http whenever possible.

    Regarding chatting: Many chat systems do not offer encryption. When you are security-conscious, you should refuse to use these. There are too many chat systems available to list them all here, but the Electronic Frontier Foundation has a good comparison of the security features of many chat systems.

    However, when you have a high security need, the best way to protect yourself on a public WiFi network without having to change most of your habits is to pay for a VPN service. With a VPN service, all your internet activity is routed through an encrypted channel to a server on the internet which then works as a proxy. As long as you trust your VPN provider, this allows you to do confidential internet activity from an untrusted network. The greatest advantage is that this works for any network traffic, so it does not matter if the software you use encrypts or not. However, keep in mind that the connection is only secured between you and the VPN provider. This 1. means that your VPN provider could eavesdrop and 2. that the connection between the VPN provider and your destination is unsecured.

  • Your friend is likely using a network packet capture tool like Wireshark or tcpdump to collect data that is transferred from and to your machine.
    At least to make it hard for your friend, you have to use services or websites that offer data encryption, which is commonly implemented using TLS. For instance, when you are browsing a website, make sure the website address starts with https and not http.

  • In order to protect yourself, use a high security encryption level like WPA2. It assigns different keys to each WiFi client.

    How to trace:

    1. Check your router for attached devices. You can use PingTestEasy to discover devices on your network. Or you can use this method to check WiFi clients on a network.
    2. Note down the IP address of the device. Next, you can either capture packets directly using Wireshark, or further analyze the device for known vulnerabilities and open ports using Nmap. Open Nmap and scan the IP for open ports and OS info.
    3. Once the scan completes, look out for open ports and OS details. You'll also be able to see the services that are using specific ports: one way to see what purpose a particular device is serving on the network. Next, you can launch a packet capture to analyze the traffic between the node and the router.
    4. Select a protocol (say http) and choose a packet at random. Right click on the packet and choose Follow > TCP Stream. The packet header and content appear in separate blocks. Note that the host is mentioned in the header. (Wireshark) Similarly, you can analyze ICMP/SSH/SSDP/DLNA/etc. packets and see what the device is doing on the network.
    5. Harvesting router web-config credentials using Wireshark packet capture. Things can get trickier and interesting if there's an SSL site involved. You'll need to launch a man-in-the-middle attack using something like Metasploit, or install payloads on the client through webscripts deployed using DNS manipulation.

    Other than that, you can impose a transparent proxy on your network and monitor activities from there. Also, you can log connection history using a pfSense box.

    Most of this comes under softcore hacking. Hacking, however, is illegal, under any pretext whatsoever. You can get sued if there's a security breach/identity theft/phishing attack on the network just because you previously tried to do the same. Your computer can be stripped for evidence. It is likely that you'll get into trouble. Now that you know this stuff doesn't mean that you should immediately test it out, and that too on a third person.

    Disclaimer: I'm in no way endorsing hacking/spoofing.

  • Although https (SSL/TLS) is a security layer you really want to use wherever and whenever possible, it is not always available, such as with a lot of chat services.

    If you enable proper wifi security settings (WPA2) with (one) password that is known to everyone who needs access to the network, each client (and each session) gets its own unique encryption keys that makes it practically impossible to listen to the traffic of other users.

    Using a wireless card in promiscuous mode on such a network will only show the encrypted traffic.

    This way, even users or applications that aren't using HTTPS-enabled webpages are still protected with WPA2.

    A VPN, as suggested in the other answer, is also a solution, but is much more difficult (and more expensive) to set up.

    If you manage to capture the handshake you can decrypt other client's sessions on WPA2.

    As far as I know a handshake capture can be used to brute-force the pre shared key, but not the traffic itself.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM