From: “Robert A. Hayden” <hayden@krypton.mankato.msus.edu>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: ebf007f8e81cd11ee9275e04cc532b7f85e870874509b9e57719a2227005fb98
Message ID: <Pine.3.89.9409121209.A23755-0100000@krypton.mankato.msus.edu>
Reply To: N/A
UTC Datetime: 1994-09-12 18:09:55 UTC
Raw Date: Mon, 12 Sep 94 11:09:55 PDT
Subject: "Packet Sniffers"

I know this is probably the wrong forum, but I also know that the quality
of the people here is ample to get my question answered.

I am an undergraduate student at a state university in Minnesota. This
summer as part of a long-term independent study I set up a Linux machine
on the campus ethernet, got it assigned an IP, and then proceeded to do a
practicum on system administration and information management. (This is
also the same machine that briefly ran the digested version of the
Cypherpunks mailing list).

Following some departmental conflicts and (IMHO) illegal sanctions, the
machine was shut down for some unspecified "security concerns".
Essentially, it turns out, the computer science department didn't want this
kind of independent project around. So I trundled across campus to
another college, got the proper faculty behind me and submitted for the
continuance of the project.

After three weeks of jumping through the correct hoops and over the
correct hurdles, there appears to be only one "concern" remaining.

Some junior computer administrator has raised the concept of "packet
sniffers" as being a suitable bar for my project (the machine is a 486/66
Linux machine). Unfortunately, I haven't a clue what exactly a "packet
sniffer" is and am really not in a position to answer the arguments in
even a semi-informed manner.

Thus, I am posting here in the hope that one or more of you can take a
moment to give me the lowdown on what these things are. Common sense
seems to indicate that it is a piece of software or firmware that will
display the contents of any packets that pass through the machine on their
way to the correct destination.

The specific setup would have the machine on a thinnet link in a lab with
about 20 other PCs which are used primarily as word processors and
terminals to the campus VAX or UNIX machines. The specific upstream
setup is unknown, but I assume there is some kind of a line to a router
upstream, eventually winding its way into the real world.

It seems to me that a packet sniffer on the lowest link of the network
wouldn't be able to look at those packets passing upstream because the
router would never pass them down, but I could be just plain wrong and
that's why I'm asking for some clarification.

Thanks for your help. Sorry if this seems confusing.

____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or anyone else
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++
j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**