Carnivore An FBI Packet Sniffer - NayiPathshala


11/22/2017

Carnivore An FBI Packet Sniffer

What is Carnivore?

In any dictionary we can find the meaning of the word ‘Carnivore’ as “an animal that eats meat”. The main characteristic of a carnivore is that it can smell meat wherever it is. The Federal Bureau of Investigation (FBI) named this software Carnivore because it can intercept and view suspected e-mails and Internet traffic.

In the FBI's words, Carnivore is a computer-dependent transaction tracking system. The system needs to be attached to an ISP server for the electronic reconnaissance to work. It was designed so that, with a judicial order, the FBI can connect this software to any ISP server to intercept and collect suspected e-mails and Internet traffic for investigation.

When we click the send button after composing an e-mail, the computer breaks the data up into small parts, or uniform chunks, which we call “packets”. Each packet is given a serial number, and the packets are then routed onto the global network. On the way to the destination, the packets travel through several servers. Once packets arrive, the destination server checks whether all of them have been received. When it has them all, it reassembles the packets into the complete message according to the packets’ serial numbers.

Based on this, the FBI developed a “Packet Sniffer” system that evaluates data flowing through the network to determine whether it is part of an e-mail message or some piece of Web traffic.

The FBI connects the computer on which Carnivore is installed to the ISP server. This computer compares every packet that travels through the server with the filter configured in it and stores any packet that matches. For example, if we set the filter to find mails that contain the word ‘Bomb’, it stores all packets and related e-mails that contain the word ‘Bomb’ on the computer connected to the server. While doing all this, it does not interrupt the Internet traffic.

Types of Modes

Carnivore uses two modes for collecting information:

• Pen Mode or Trap and Trace Mode
• Full-collection Mode

We can set either mode depending on our requirements.

Pen Mode or Trap and Trace Mode

The Pen Mode, or Trap and Trace Mode, closely resembles the Caller Line Identification (CLI) method used in telephones. Using CLI we can know the caller's number (the calling person’s telephone number). In the same way, Carnivore finds which address a packet came from, to whom it was addressed, and so on. Apart from these details, it can also find the IP addresses of the server and the details of the other servers that participated in routing the mails. Using all this information, we can find the details of the computers that participated in File Transfer Protocol (FTP) and Hyper Text Transfer Protocol (HTTP) sessions. In general, Pen Mode is used for scanning e-mails.

Full-collection Mode

In Full-collection Mode, apart from getting all the information that is available in Pen Mode, we can also read the whole message. Whenever we have a doubt about a packet, we can change from Pen Mode to Full-collection Mode to read the whole message.
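
The difference between the two modes can be illustrated with a short Python sketch. This is an added example, not Carnivore's own code (which this page does not show); the sample message, the function names and the keyword filter are constructed for illustration. It shows how much addressing and routing detail a message exposes even when its content is never recorded.

```python
from email import message_from_string

# Constructed sample message (not real traffic); reserved example domains and IPs.
SAMPLE = """\
Received: from relay2.example.net (192.0.2.20) by mx.example.org
Received: from mail.example.com (192.0.2.10) by relay2.example.net
From: alice@example.com
To: bob@example.org
Subject: lunch

See you at noon.
"""

def pen_mode(raw):
    """Addressing information only: sender, recipient and relay hops."""
    msg = message_from_string(raw)
    return {
        "from": msg["From"],
        "to": msg["To"],
        # Each Received header names one server that took part in routing.
        "hops": [h.split()[1] for h in msg.get_all("Received", [])],
    }

def full_collection(raw):
    """Everything pen mode records, plus the subject and message body."""
    msg = message_from_string(raw)
    record = pen_mode(raw)
    record["subject"] = msg["Subject"]
    record["body"] = msg.get_payload().strip()
    return record

def collect(raw, mode, keyword=None):
    """Apply the keyword filter, then record the message in the chosen mode.
    Returns None when the filter does not match (nothing is stored)."""
    if keyword and keyword.lower() not in raw.lower():
        return None
    return full_collection(raw) if mode == "full" else pen_mode(raw)

if __name__ == "__main__":
    print(collect(SAMPLE, "pen"))
    print(collect(SAMPLE, "full", keyword="noon"))
```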
