Why is packet viewing, capturing and editing considered illegal?

This may turn into a great debate… but I actually think it is initially a good question to frame; largely because I’m curious about this topic, about which I know very little.

We all know that sniffing the network is illegal… and it should be IMO.
What about the data that only goes into and out of my computer?
Take a trip to anonymizer.com and find out how much data you are leaking when you surf the web. It seems that personal packet viewing/capture/editing should be mandatory for every OS sold on the market, and yet you are treated with suspicion and disdain for wanting to control this aspect of computing.

One of the arguments I’ve heard is that you cannot just sit around and hold packets until you decide whether or not to use them… because your ISP will think you’re offline and will boot you.
I just parry with that being my choice, and my problem.

When someone asks you a question on the street, sometimes you don’t want to answer them… sometimes you do, sometimes you want to lie, sometimes you don’t. There are real-life consequences for these behaviors, on the net as well as real-life.

I do however think that a person should not have to spend 20,000 bucks just to stop certain packets from leaving their computers in a covert manner, and vice versa… to stop certain packets from entering their computer in a covert manner.

Everyone IMO should be able to view the raw data flowing in and out of their computer as easily as they can view the desktop on their screen… with the option to let certain packets have permission access and all the rest to be captured and analysed before conceding to accept or not accept it. The current system of accepting or not accepting a certain IP, does not address the lack of privacy once that IP gains permission to use your computer. I should be able to have a choice somewhere to suspend the IE6 ‘feature’ of telling everyone on the web the last site I visited.

What, if any, consequences arise from someone simply working with their own packets on their own computer? These people aren’t hacking or sniffing the network… they are just observing what they have, who’s knocking on their door and who’s stealing from their ‘house’ when they’re home.


Simply put, sniffing is a wiretap.

For some limited purposes, sniffing is perfectly legal, but in general it is viewed as a tap, and therefore regulated by law. Now, sniffing your own equipment is legal, but sniffing someone else’s packets is generally illegal (outside of certain court-ordered circumstances). In general, placing the capability in every OS, where the public can access it and use it, is asking for trouble. From the point of view of the Law, doing so would be placing the tools of crime in every hand. From the point of view of the OS author, doing so would be a huge potential legal liability.

Can’t they just create it so that you cannot sniff the network though? It is your data after all… once it knocks on your port and once it’s ready to leave your computer… you should have the right to let something in or not. You should have the right to let something out or not… to me it just seems like common sense.

I don’t quite understand how it is considered ‘tapping’…
I see the metaphor as picking up your phone when someone calls you… instead of being paralyzed and forced to tell them everything they ask for… you have a choice to hang up the phone, to hear what it is they are asking you, to decide whether or not to tell them anything at all, to decide what you want to tell them. Me having these choices does not require me to tap into the phone system… it simply is about working with what is considered my property. Am I missing something here still?


  • Not always, but often in the popular vernacular: “network sniffers” are programs installed illicitly on somebody else’s network, without their consent, that trap data for use in breaching the network’s security, and that’s what the hubbub is all about.
  • The kind you use illegally is quite a bit different from one you’d use to monitor your own PC, such as an Ethereal-type or ZoneAlarm.
  • Monitoring the packets into and out of your own computer is completely acceptable (as well as blocking whatever you don’t want to send), but creating or modifying packets usually isn’t with many ISPs, because if you screw it up, it can cause strange errors on the first server that it hits, which will be theirs. And they’ll suspect you of attempting to h4x0r somebody, because people who doctor packets usually are. For much the same reasons, modifying e-mail headers is usually not allowed, either—even if you just want to send an e-mail without a return address.

- DougC

I guess ultimately, I feel something fishy here… a person not having access to the data that enters or leaves their computer on the language level, and cannot control when or what data flows out of their computer… opens up the entire advertising hell that is double-click and what-not. I think… ‘conspire’ is the word I’m using here. It just seems like such a fundamental right and such a fundamental ease and common sense (to allow a person to control their own data flow), that it makes me wonder what the motive for not implementing it is…

Deals with advertisers and statisticians is all I can think.


Ahh… screwing up the server communication… I suppose I can see how that would be a burden. It seems like (if ‘they’ actually had gone this direction all along) that ways of ensuring an edited packet will not interfere with the server adversely would be coded into the programs made for the mass public.


Also, zone alarm… is only a port blocker or IP address banning utility… once the access is granted; the IP has full use of data manipulation… not the same as sifting individual packets. It just seems ‘unfair’ pout, pout ;), that what is required for me to visit sites or engage in normal online activity requires me to submit data that I may or may not want to submit. By granting IP access, I invariably grant access to read my last java script or whatever… that just doesn’t seem right to me.


Sniffing your own packets isn’t illegal; nor is giving incorrect responses or sending invalid packets.

Invalid packets, such as those with an IP address you don’t control, should be dropped by your ISP. If the packets cause errors or bring down the ISP’s systems, that’s the ISP’s fault for using such brittle software.

You don’t even need to spend $20,000 for a packet sniffer… you can download a free one for Linux. If you really want to know exactly what you’re sending and receiving, it’s best to use a separate machine anyway (placed in between your main computer and your router or modem).

One of the things NICEast used to pound home to us when I was a Sysadmin for Recruiting Command:

Sniffing packets arriving and departing our firewalls on a random basis for quality control and security checks is fine, as long as you discard any packets recorded when you are done. Storing or viewing those packets was considered an illegal wiretap. When you view the contents of a packet, you are viewing information sent over a wire. As long as you own the wire and equipment, this is OK. However, packets outside your firewall, or travelling on someone else’s wire, are off-limits.

There are many decent or even very good tools for sniffing packets out there at little or no cost, but in order to use them, you have to find them, and learn about them. In the process, you will likely come to an understanding about what not to do with them. Placing the tools right into an OS aimed at functionally computer illiterate people would be not too different from handing out telephone butt-sets to everyone who had telephone service. Most wouldn’t use them, some would use them properly (Which is to say: Not very often), but a significant proportion would misuse them. Better to let the people who need such tools go look for them on their own. It’s simpler, and raises fewer liability issues.

Justhink, I get the impression here that people are trying to answer a different question than what you’re trying to ask.

Let’s start with some basics. Packet sniffers are legal. You can download a free one called Ethereal - I use it myself sometimes. If you have a dial-up connection and want to see the packets going into and out of your computer, have at it.

If you are on a LAN with many users, you could also use a packet sniffer to monitor not only your traffic, but see others’ as well. I work for a company that sells packet sniffer hardware/software for doing this on several different interfaces. I’ve never run into a question of whether this is legal. However, I can see that if you were to use these tools to spy on someone, that could run afoul of wiretapping laws.

What exactly is it that you’re upset about? It seems you have a misconception about what a remote computer can do to your machine. Allowing firewall software to allow communication to a certain remote computer doesn’t give that remote computer the ability to read anything from your PC. “Read my last java script [sic]” … what does this mean?

I’m having a bit of trouble working windump; which I think Ethereal depends on? The difficulty involved with this for me made me wonder why it’s such a sensitive issue in the first place… being that the data is mine once it’s in my computer (or so seems reasonable to assume). The java script thing and various other leaks which occur were in specific reference to browsers like IE6… I’m not sure whether ‘leakless’ browsers exist… but it all seems irrelevant if I can simply block the attempts it makes to spew my data out. You only get choices to block the browser from reading certain scripts (which, when all enabled, leaves most of the web inaccessible). You cannot choose in IE6, to have it stop sending out your data… it records things from your last word document, last java script read, computer name/ID - which can often correspond to a read name/state you live in. Just visit anonymizer and run their scan to see what I mean… their low level scans can’t turn out passwords stored through IE6, but I’ve been made aware that such a feature isn’t tough to enable.

My point, is that this is all prompted data or simply visible by always being broadcast… where is my choice to stop the data from exiting at my end?

I don’t care if you’re God on a computer… I have no interest in what your packets contain… unless you send them to me. What are those packets requesting from my computer, and why the hell can’t I stop my computer from fulfilling the request at my own discretion?

Tranquilis: Are you saying that I cannot store (capture) packets sent to me, so that I can view them long enough to determine what they are requesting? Patches for example… auto-patches that don’t register can rewrite entire files… I can’t view that to determine before-hand if I want that write to occur? What does that mean: “You can’t store packets from others and analyse them.”?

As for the 20K comment… I ran across industrial ‘go-betweens’. Etherpeek, with this capacity and actual network sniffing capability (which I have no care for, as my computer and its data coming in and out isn’t technically a network in the sense used for ‘sniffing a network’) … anyways… Etherpeek for example costs about $2000 bucks as do many other comparable utilities that offer this function in the common sense means I alluded to earlier… and you need a license to use these programs, which needs to be renewed every 6 months or so… what’s up with that?
I’m curious because of stonewalled silence I’ve received on various other boards and USENET about this issue. One guy replied that I was the TALIBAN and not to respond to me WTF?
None of this is in my Microsoft handbook… etc… Just seems bizarre to me…

Sorry for the long post… I’m not good at short ones =(

Any packets directed to you are treated no differently than a call straight to you. As long as it’s on your equipment, inside your own firewall (or demark), and as long as you own the equipment and wires, then I don’t see any issues.

It’d be easier to just load Zone Alarm and slam all your ports shut, though…

Here’s where I’m not connecting with what you’re saying. The phrase “block the browser from reading certain scripts”… what does this mean exactly? Do you mean that you can tell IE6 not to execute javascripts (note: one word) on a site-by-site basis? I didn’t know it could do this, but I don’t use IE.

I haven’t heard of a bug in IE6 where it can send out your last word document, anything about recent javascripts, or your computer name, unless you have filled those values into a form and hit a “send” button. There have been several bugs reported in IE over the years, including one where a site can read a cookie intended for another site, but I believe that’s been fixed. Is there another bug you’ve heard about where IE sends out this other information? I’d like to see some cites.

Basically, browsers can send out data that you’ve already told the web site anyway. When you enter your user name and password into the SDMB site, it then sends a “cookie” along with the next web page it sends. The cookie is a little piece of information, which your browser will send back to that site (and that site only) the next time you go there, so the site will know that it’s you again. It can’t read anything you haven’t already told it - not information from another site, not your last word document, or your computer name.

A web site can, however, read which web site you just came from if you got there by clicking a link on that site. Unless your browser lets you disable this (like Opera does). Try this link to my web site to see what information is available to a web site: http://www.ccdominoes.com/cgi-bin/env.cgi . If you click this link, it should tell you that you came from the SDMB, but if you type it into your browser’s address bar, it shouldn’t.
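An added illustration, not written by any poster in this thread, of the two behaviours described in the post above: the request headers a site can read (including the Referer sent on a link click but not on a typed address) and a cookie going back only to the site that set it. The host names, header values and the host-only cookie model are constructed simplifications.

```python
# Added example: which request fields a web server can see, and how cookie
# scoping limits what is sent back. All hosts and values are constructed.

def parse_request(raw: str) -> dict:
    """Parse a raw HTTP/1.1 request head into method, path and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}

def disclosed(raw: str) -> dict:
    """Return the client-supplied fields a CGI environment page would show."""
    h = parse_request(raw)["headers"]
    keys = ("host", "user-agent", "referer", "cookie", "accept-language")
    return {k: h[k] for k in keys if k in h}

def cookies_for(host: str, jar: dict) -> str:
    """Build the Cookie header a browser would send to `host`.

    `jar` maps the host that set each cookie to its name/value pairs;
    only cookies set by that exact host are returned (host-only cookies,
    a simplification of real browser domain matching).
    """
    pairs = jar.get(host.lower(), {})
    return "; ".join(f"{k}={v}" for k, v in pairs.items())

# Constructed sample: a link click from a forum page vs. a typed address.
CLICKED = (
    "GET /cgi-bin/env.cgi HTTP/1.1\r\n"
    "Host: site.example\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Referer: http://forum.example/showthread?t=1\r\n"
    "\r\n"
)
TYPED = CLICKED.replace("Referer: http://forum.example/showthread?t=1\r\n", "")
JAR = {"forum.example": {"session": "abc123"}, "site.example": {"visits": "3"}}

if __name__ == "__main__":
    print(disclosed(CLICKED))   # includes the referer
    print(disclosed(TYPED))     # no referer key
    print(cookies_for("site.example", JAR))
```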

I am under the impression that the OP is operating under a whole lot of misconceptions and erroneous assumptions which are difficult for others to dispel because he is so fuzzy and unclear on what he is saying.

>>Why is packet viewing, capturing and editing considered illegal?

If you mean on someone else’s network, without their knowledge, because it should be. If you mean on your own computer, you are wrong. On your own computer you can view, capture, edit, cut, slice, paste packets as much as you like. Why you would want to do this is beyond me but feel free to do it. I think most of your assumptions about someone seeing your last Word Document etc are unfounded. You better be more clear and more specific if you want meaningful responses.