Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Re: Using Ethereal
- Walter Roberson
August 29, 2004, 5:32 am
rate this thread
:> Is it illegal to use Ethereal just to monitor what traffic is going on
:> between My Computer and when I surf the web? When there is no network
:You can do whatever you want with your own computer's data.
Barry, that statement is somewhere between misleading and false enough
to get someone into serious legal problems.
See my earlier posting in this thread exposing some of the conditionals
and jurisdictional issues.
Even if it is "your" computer, in quite a number of States in the USA,
snooping data that is being transmitted on behalf of other people
can constitute a felony [at least if they don't know you are doing it.]
Most Windows users will run any old attachment you send them, so if
you want to implicate someone you can just send them a Trojan
-- Adam Langley
Re: Using Ethereal
|> :You can do whatever you want with your own computer's data.
|> Barry, that statement is somewhere between misleading and false enough
|> to get someone into serious legal problems.
|He specifically said "when I surf the web", so he's talking about his
|own data, not any other users.
Compare "You can do whatever you want with your own data on your own
computer" to "You can do whatever you want with your own computer's
At least two elements are important legally important for sniffing to
be legal in a situation in the USA:
A) That it is -your- data, and not someone else's; and
B) That you have authorization from the computer's owner (which might
be yourself) to undertake the monitoring.
In some US states, a third requirement is added:
C) That if the data is being exchanged with another party, that the
other party consent to the monitoring and use you will put the data to.
The way you phrased your reply included only (B) -- and the legal
situation is much more complex than that.
There *are* locations that object strongly to packet-level monitoring
when you access their service. Services that, for example, do not want
you to reverse engineer their protocols. Or services that give you
license to -display- an image but not to in any many -record- the
If you are monitoring packets with the intent to reverse engineer a
protocol or find a key or a security weakness, then in the USA your
actions may well fall under the control of the Digital Millenium
Copyright Act, which essentially says that if a company puts ANY kind
of security protection on a data streamn, breaking the protection *or
even just analyzing it* is a serious offense in most circumstances.
Only "bona fide" cryptographers [e.g., -already- recognized as having
good scholarly cryptography credentials and publications in peer-
reviewed journals; or additionally students taking cryptography courses
at a university] are allowed to even discuss their efforts publically,
and even then before embarking on studying a particular datastream, one
must notify the stream creators in advance and give them a chance to
provide an API that gives you access to the stream without revealing
how the cryptography is done.
I've just been installing Windows XP (I messed up the install someone
had done for me), and I've been looking at the click-wrap agreements
as I go. EVERY one of the products that has to do with .NET or relies
upon the .NET API (e.g., Windows Media Player 9), has a clause in
the click-wrap that says that you agree not to reveal ANY benchmark
of .NET to any third party without the written permission of Microsoft.
Thus, if you post a simple ethereal packet trace of an attempt to
connect to a .NET service, on the basis of your statement that,
"You can do whatever you want with your own computer's data.", then
if you don't strip out the timestamps, you are effectively posting
a .NET benchmark, and your software license is void if you haven't
obtained the written authorization of Microsoft for that posting.
This is an example of my point (C), that the other party must consent
to the monitoring and use you will put the data to.
It may be your computer, and you might be monitoring packets
being generated on your behalf -- but you might still
not have the legal right to do that monitoring in some circumstances
in some jurisdictions. US law can get pretty messy.
Studies show that the average reader ignores 106% of all statistics
they see in .signatures.