Question About Wireshark And Watching Packets


First, I'm still a new person; I'm still learning with the aid of a book I bought that talks about watching packets. First I want to say I'm watching SYN, SYN-ACK, ACK along with the protocol come up. Keep in mind I've set my DNS servers to OpenDNS. So I start my home page on Google. I type a search for scb easy and I start to notice many DNS queries come up, like:

a. littlemee.net

b. nationmultimedia.com

c. pangponblog.com

d. thaipr.net

Mind you, I'm capturing packets from just my Ethernet card, so what exactly is happening? Is my computer hijacked, or am I seeing other people's DNS query packets come up?


Wireshark mated with Cain and Abel are very effective tools in securing your network - but a caveat: since internet traffic is of special concern to some in the Kingdom, sniffing packets could be problematic for the user of these utilities. Bear in mind that BKK is not LA. :)


Not all networks are "switched", which is to say, on some networks you can also view the packets going over the wire to other computers on the local network. Hotels and other shared-wireless environments are notorious for this sort of thing.

That said, you would clearly see that the "conversation" taking place did not have your IP involved if that was the case.

Chances are it's innocuous, e.g. cross-site scripting or hyperlinks on a normal webpage referencing content on third-party websites, such as banners, ads, and so on.

If you really want to make sure, there is an application called "lsof" aka "list open files", that will take a snapshot of the files in use on your computer and let you know what application is responsible for what network streams. It's a hugely educational tool and if you have even a passing interest in what goes on under the hood of your PC, running it will take you down some interesting roads.

Regarding the comment on how this is BKK not LA and the use of these applications might in some way transcend legal boundaries, although I'm certainly not privy to the specifics of constitutional law in BKK, none of the above packages has any use with regards to obfuscating traffic or otherwise manipulating it; they are passive. I can say that using them to intercept data you were not meant to see would almost certainly be patently illegal, e.g. trying to snatch people's passwords and so on, but the tools themselves are not illegal, otherwise the kingdom would have made the entire Information Security industry illegal at some point and I'm reasonably sure I would have heard about it had that been the case (as would have Oracle/Sun up the road, shortly after they were raided ostensibly).

Edited by swifter
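
The check described in the reply above (does the DNS "conversation" involve your own IP?), as an added example that is not part of the original thread. It splits DNS query rows exported from a capture into names asked for by this host and names asked for by other hosts on the segment; the addresses, the file name `capture.pcap`, and which host asked for which name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: tab-separated "source IP<TAB>query name" rows, the shape
# produced by an export such as (capture.pcap is a placeholder file name):
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e ip.src -e dns.qry.name
SAMPLE_ROWS = """\
192.168.1.20\twww.google.com
192.168.1.20\tlittlemee.net
192.168.1.20\tthaipr.net
192.168.1.37\tnationmultimedia.com
192.168.1.37\tpangponblog.com
\tbroken.example
not-an-ip\tignored.example
"""


def queries_by_source(rows):
    """Map each valid source IP to the ordered, de-duplicated names it asked for."""
    seen = defaultdict(list)
    for line in rows.splitlines():
        src, _, name = line.partition("\t")
        try:
            src = str(ipaddress.ip_address(src.strip()))
        except ValueError:
            continue  # skip rows without a parsable source address
        name = name.strip().rstrip(".").lower()
        if name and name not in seen[src]:
            seen[src].append(name)
    return dict(seen)


def split_by_origin(rows, my_ip):
    """Separate names this host asked for from names other hosts asked for."""
    me = str(ipaddress.ip_address(my_ip))
    by_src = queries_by_source(rows)
    mine = by_src.pop(me, [])
    return mine, by_src


if __name__ == "__main__":
    mine, others = split_by_origin(SAMPLE_ROWS, "192.168.1.20")
    print("asked by this host:", mine)
    for src, names in others.items():
        print("asked by", src, "(visible on a shared segment):", names)
```

Names that land in the first list came from your own machine and are the ones worth tracing to a process with `lsof`; names in the second list belong to other hosts whose traffic your interface can see.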
