Herbivore is made and maintained by Surya Mattu and Jen Kagan. Ingrid Burrington, Eve Weinberg and Pedro Galvao Cesar De Oliveira have also contributed to the project. Herbivore was made with the support of NYU's Interactive Telecommunications Program and their Something-In-Residence fellowship. Curriculum written by Lauren Gardner.
- What information is my computer sharing about me or my online activity?
- How does HTTP vs. HTTPS really affect my online security?
- What information are my IoT devices at home sharing?
We will use Herbivore, a free, open source tool that aims to demystify the world of network packets for the uninitiated through packet sniffing. Herbivore shows users the data packets that travel between their computers and the internet. Packet sniffing is like sitting at a post office with a notebook and taking notes about the different packages that are coming in and out. By surfacing this information, we hope to demystify how the internet works and make network literacy accessible to a much wider audience.
A handful of packet sniffing libraries and desktop applications already exist for analyzing network packets, but were designed for people who have programming experience or a network engineering background; they were not designed as educational tools for people without technical backgrounds.
This workshop is intended for adults, young and old. It is ideal for those who are interested in learning how to packet sniff, or in learning what that even means.
In this workshop we will go through the basics of what packet sniffing means and supply you with the knowledge and tools to monitor this activity at home. This is not a hacking workshop; we will be teaching you skills to do packet sniffing on your home network.
Students will learn how to install software used to monitor the internet traffic occurring on devices in their home network and how to interpret the data that is being passed. You'll also walk away with a better understanding of computer networking and the stack that is used in most commercial applications.
tbd
You will need a Mac to run Herbivore :( . But all is not lost! Even if you don't have a Mac you can still learn a whole bunch. We encourage participants to work together and share computers.
- Install Herbivore on your Mac. After you install and set permissions, restart the application and connect to your home network. Take a look around and make some notes about what you see:
  - How many devices are connected, and what are they?
  - Were there any devices on your home network that you cannot identify?
  - Which device sends the most information or communicates most frequently?
  - What else do you see that surprises you or that you have questions about?
- Read/watch before class:
  - How the Internet Works (in 5 minutes)
  - What is a Packet?, from Networks Land.
  - The House That Spied on Me
  - Whistleblower Mark Klein describes how the NSA was collecting internet communications by interfering in an ISP's physical infrastructure.
  - Read how ISPs are allowed to sell our browsing data to private companies.
this will be filled in after class
- Network - A network is a collection of terminal nodes and links that are connected to enable telecommunication between the terminals. The transmission links connect the nodes together. The nodes use circuit switching, message switching or packet switching to pass the signal through the correct links and nodes to reach the correct destination terminal. Each terminal in the network usually has a unique address so messages or connections can be routed to the correct recipients. The collection of addresses in the network is called the address space.
- Node - A physical network node is an active electronic device that is attached to a network, and is capable of creating, receiving, or transmitting information over a communications channel.
- Router - the device that forwards, or routes, data packets along to where they’re supposed to go based on the addresses in the packet headers.
- Ethernet - a computer networking technology commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).
- Internet Service Provider (ISP) - There are many kinds of internet service providers, but in this case we're talking about access providers. These are the companies that install cable in your neighborhood and often supply your router when you set up your internet in your home. ISPs hold a lot of power because they physically control the flow of data.
- Website - the collection of files (style files, scripts, images, and plain text) that you request from the server and that are ultimately rendered on your computer by your browser.
- Server - the computer that hosts websites and makes them publicly available through a URL. The server responds to client requests. Any computer can be either a server or a client; it just depends on what role the computer is playing: is the computer serving files or requesting files? When people use the metaphor of 'the cloud' to talk about file storage, they're talking about a server, or just "another person's computer."
- Transmission Control Protocol (TCP) - one of the main protocols of the Internet protocol suite, which is why the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major Internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP.
- Hyper Text Transfer Protocol (HTTP) & HTTP Secure (HTTPS) - The protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure' and means all communications between your browser and the website are encrypted.
- MAC address (media access control) - a unique identifier assigned to a device at the data link layer of a network segment that is permanent to the device. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. In brief, a MAC address is like a social security number, which remains unchanged for a person's lifetime (here, the device's), while an IP address is like a postal code, which can be changed.
- IP address (Internet Protocol address) - Numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. The IP address space is managed globally by the Internet Assigned Numbers Authority (IANA), and by five regional Internet registries (RIRs) responsible in their designated territories for assignment to end users and local Internet registries, such as Internet service providers. Each ISP or private network administrator assigns an IP address to each device connected to its network. Such assignments may be on a static (fixed or permanent) or dynamic basis.
- Port - A port is an endpoint of communication in an operating system. A port is always associated with an IP address of a host and the protocol type of the communication. It completes the destination or origination network address of a message. Ports are identified for each protocol and address combination by 16-bit unsigned numbers, commonly known as the port number.
- Packets or Network Packet - Information transferred through the internet is broken down into smaller, formatted chunks of data called packets. A packet consists of control information and user data, which is also known as the payload. Control information provides data for delivering the payload, for example: source and destination network addresses, error detection codes, and sequencing information. Typically, control information is found in packet headers and trailers.
- Packet Sniffer - A packet inspection tool is software running on a computer that allows you to look at all the network traffic that is being sent and received on the network you are currently connected to. The range of activity this lets you monitor includes your browser traffic, your operating system sending bug reports, services like Dropbox and Spotify talking to their servers, content streaming to devices such as Apple TVs and Sonos speakers, and your internet of things devices talking on the internet.
- Addresses - The routing of network packets requires two network addresses, the source address of the sending host, and the destination address of the receiving host.
- Payload - In general, payload is the data that is carried on behalf of an application. It is usually of variable length, up to a maximum that is set by the network protocol and sometimes the equipment on the route. When necessary, some networks can break a larger packet into smaller packets.
- DNS (Domain Name System) - A hierarchical decentralized naming system for computers, services, or other resources connected to the Internet. Most prominently, it translates more readily memorized, human readable domain names (google.com) to the numerical IP addresses (172.217.10.46) needed for locating and identifying computer services and devices with the underlying network protocols.
- Local IP address Ranges examples
- Tool to look at the hostname/ owner of an IP address
- List of ports and their uses
- MAC address lookup tool from Wireshark. You can find the vendor name based on the first three bytes of an address.
- TOR; anonymous browsing protocol.
- Developer Tools; a way to see how a website is made/ way to edit the website. Instructions for Chrome browser
- Browser Stack is an emulator tool that spoofs displays (phone, tablet...) from the browser.
- Understanding DDoS; Attacks from a group of computers all making requests at a specific site so that the influx of traffic would bring it down. Also look at:
- Shodan.io; a website that scans and displays IP Addresses for open ports
- Before You Hit 'Submit,' This Company Has Already Logged Your Personal Data, article referencing the websites that expose your data in the forms or have third party code that captures it from the website as you type.
These are additional materials to take away for digging deeper into the subject, along with exercises and challenges to help you progress to the next level and gain mastery of the subject through independent study.
First Steps
- The internet is made of packets - workshop
- Your smart home is spying on you. Here's how to spy back, a step by step tutorial by Surya on how to set up a RaspberryPi to monitor the digital emissions from your own homes.
- Read through Networks.Land, tools and activities for understanding the internet from the ground up by Ingrid Burrington and Surya Mattu.
- NYU ITP, Understanding Networks, the syllabus for Thomas Igoe's class taught at NYU ITP.
Next Steps
- Debookee easy packet sniffer for mac
- Download Wireshark and dig deeper: How To Go From 0 to Sniffing Packets in 10 Minutes
- Wireshark 101, a more advanced tutorial using Wireshark to sniff packets and inject them in a network.
Big Steps
- mitmproxy - Advanced but powerful packet sniffer
Questions from Class
Are there rules against Packet Sniffing?... “Yeah. Do it at home”
- The legality in the US around Packet Sniffing is under the CFAA. Basically, if you use technology in a way other than the way that it was intended, it could potentially be a felony. That includes building your own software on top of operating systems built by other people.
- Also, look at the Wiretap Act
What is the difference between HTTP vs HTTPS
- If you look in Herbivore, there is a lock on some of these packets. The lock signifies an HTTPS request. See the difference using Herbivore and http://cooperative-piano.glitch.me/.
- HTTP: Everyone can see exactly what my computer is asking for.
- HTTPS: What your computer does is secured and encrypted.
- See the difference in how form data is passed over HTTP vs HTTPS here
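As an added example (not part of the original curriculum and not Herbivore's own code), the Python below splits an Ethernet/IPv4/TCP frame into the control information and payload defined in the vocabulary above, then reports what someone watching the network can read from an HTTP request versus an HTTPS (TLS) record. The frames, addresses, ports and payloads are constructed for illustration.

```python
import ipaddress
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II / IPv4 / TCP frame into control information and payload."""
    if len(frame) < 54:                          # 14 Ethernet + 20 IPv4 + 20 TCP minimum
        raise ValueError("frame too short")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ip = frame[14:]
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    tcp = ip[ihl:total_len]                      # total length drops Ethernet padding
    if ihl < 20 or len(tcp) < 20:
        raise ValueError("bad header length")
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    src_ip = ipaddress.ip_address(ip[12:16])
    return {
        "src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
        "vendor_prefix": frame[6:9].hex(":"),    # first three bytes of the source MAC
        "src": f"{src_ip}:{src_port}", "dst": f"{ipaddress.ip_address(ip[16:20])}:{dst_port}",
        "src_is_local": src_ip.is_private,       # True for local ranges such as 192.168.x.x
        "payload": tcp[(tcp[12] >> 4) * 4:],     # bytes after the TCP header
    }

def classify(payload: bytes) -> str:
    """Describe what an observer on the network can tell from the payload bytes."""
    if payload.startswith(HTTP_METHODS):         # readable request line
        return "plaintext HTTP: " + payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if len(payload) >= 5 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        return f"TLS record (content type {payload[0]})"   # 23 = encrypted application data
    return "unknown"

def build_frame(payload: bytes, dst_port: int) -> bytes:
    """Build a constructed sample frame (made-up addresses, checksums left as zero)."""
    eth = bytes.fromhex("02aabbccddee" "02aabb000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 23]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH", 51000, dst_port, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

# Constructed samples: one HTTP request and one TLS application-data record.
HTTP_FRAME = build_frame(b"GET /login?user=alice HTTP/1.1\r\nHost: example.test\r\n\r\n", 80)
TLS_FRAME = build_frame(bytes([23, 3, 3, 0, 4]) + b"\x8f\x1c\x02\xaa", 443)
```

In both cases the addresses and ports in the headers stay visible; only the payload differs in what it reveals.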
With thanks and acknowledgement, we were inspired by the curriculum templates shared by NYCDOE and NYC Open Data