Sniffing the Wireless Traffic of MIT Students

An anonymous reader writes "Someone got permission to sniff the wireless traffic during an MIT class. The professor: none other than Robert Morris, creator of the first Internet worm! The lecture: computer security! I love it."

Thank you, Apple

[Anonymous Coward]

Highest number of packets: MDNS (Multicast-DNS, Zeroconf) with a whopping 30% of all packets. Because computer Barbie says: Configuration is hard.

Re:

[Itninja]

But the case is so pretty. I...can't...stop....must...resist....

Re:Thank you, Apple

[ThrowAwaySociety]

Highest number of packets: MDNS (Multicast-DNS, Zeroconf) with a whopping 30% of all packets. Because computer Barbie says: Configuration is hard.

*rolls eyes* Yeah, what's with kids these days and their automagical service discovery.

Back in my day, we manually entered protocol names and IP addresses. Forget zeroconf, we didn't have DNS. We kept a list of IP addresses in a text file on our systems. And if we didn't know the IP address, we went out and walked over to the datacenter, uphill, both ways, in the snow, and we wrote it down using our own blood for ink so we wouldn't forget it.

And we liked it that way!

Re:

[ElectricTurtle]

Mmmmmm... now that's good sarcasm!{/Jon Stewart}

Re:Thank you, Apple

[natehoy]

Now get the hell off my LAN! :)

Re:

[gyrogeerloose]

Excellent rant, but you forgot to tell us to get off your lawn.

Re:

[dgatwood]

At an average of 50-60 bytes apiece, that's a total of a whopping 47 kbps, or 0.0047% of capacity. Yes, that's an acceptable price.

Re:Thank you, Apple

[Rockoon]

Look at it this way:

259932 MDNS packets

...over 45 minutes...

...and 21 sources...

Thats 5776 packets per minute, 275 packets per minute per machine.. or an average of 4.6 packets per second per machine, of just MDNS traffic.

Now, this shit does what, exactly? Why exactly does it need to spam the network every 220ms?

Re:

[dgatwood]

So that students can find each other's iTunes libraries, among other things. You may not realize it, but mDNS plays a pretty significant role in college dorm life.

Re:

[BZ]

21 sources, right? Sending broadcast packets on a WiFi network? But WiFi has no concept of broadcast packets; these are simulated by the access point transmitting the packet to each wireless client individually.

The question is what tcpdump (which was used to create the logs) would show here. Would it show one broadcast packet? Or 22 separate packets (1 from source to AP, and 21 from AP to destinations)? I think last time I tried (when mDNS traffic from a few hundred laptops all in one room was totally

Re:

[butlerm]

At an average of 50-60 bytes apiece, that's a total of a whopping 47 kbps, or 0.0047% of capacity

The effective capacity consumed could be quite a bit higher than that due to CSMA/CD overhead and the like. If someone else is transmitting a station has to wait a random amount of time before transmitting, for example. That is a non trivial factor that can easily take a busy 10 Mbps network down to 3 Mbps of usable capacity, for example.

Re:

[arth1]

I thought AIM was for 13 year old girls and pedophiles.

What in the above stats convince you otherwise?

Re:

[paiute]

Tsk, tsk. Mod MIT -1 overrated. I sure wouldn't pay out my ass to send my kids there.

http://en.wikipedia.org/wiki/The_Fox_and_the_Grapes [wikipedia.org]

Re:

[hoggoth]

I don't there there are many 13 year old girls at MIT. Draw your own conclusions.

Re:

[CapnStank]

What I find more interesting is:
"Number of traffic sources in the room: 21"

Maybe I can't comprehend this properly but 22 AIM > 21 sources?

Re:

[Zen Hash]

What I find more interesting is: "Number of traffic sources in the room: 21" Maybe I can't comprehend this properly but 22 AIM > 21 sources?

Maybe someone was logged into more than one AIM account from the same machine.

Re:Thank you, Apple

[arth1]

It's not THAT Apple uses zeroconf, but HOW they use it.
There's nothing in the zeroconf specs that say you have to constantly flood the network with queries.

Re:Thank you, Apple

[metamatic]

On the other hand, Zeroconf was basically invented by Stuart Cheshire [stuartcheshire.org], who works for Apple (and invented the tank game Bolo, another good way to waste network bandwidth).

Re:

[arth1]

BZFlag is better, but speaking of multicast and games...
Back in the good old days, one could get a whole IPv4 multicast address assigned to a game, like 224.0.1.2 (SGI-DOGFIGHT)

Re:

[jimbolauski]

Bolo, another good way to waste network bandwidth).

Bolo is not a waste of network bandwidth, with it's ring communication it is very light on on the bandwidth latency was always the problem.

Re:Thank you, Apple

[tsm_sf]

Well in all fairness if the token happens to fall out you can spend hours looking for it.

Billable hours.

Get Your Facts CORRECT ! : +2, Prior Art

[Anonymous Coward]

You state:
"Robert Morris, creator of the first internet worm!"

You are obviously unaware of The “worm” programs—early experience with a distributed computation [acm.org]

I hope this helps your reference callouts.

Yours In Akademgorodok,
Kilgore Trout, C.I.O.

Re:

[betterunixthanunix]

Hm...I did not notice any creeper or reaper references in that paper...

Laptop Useage in Class?

[SmilingBoy]

I haven't been to university for 9 years, but are students really using laptops during class???

Re:Laptop Useage in Class?

[Ephemeriis]

I haven't been to university for 9 years, but are students really using laptops during class???

Laptops, netbooks, smart phones, tablets... Yup.

In theory they're typing notes or recording the lecture or something.

In practice, I suspect it is more of a distraction than anything else.

Re:

[yo_tuco]

"In theory they're typing notes or recording the lecture or something.

In practice, I suspect it is more of a distraction than anything else."

Not much different than when we were bored with a lecture and played hangman on our HP41C calculators back in the 80's.

Re:

[nicolas.kassis]

I had asteroid on my TI-83 ;p

Re:

[korean.ian]

Only a distraction if you let it be. Returning to school this year, I use my notebook to take notes in all my classes except econ, because graphing is not much fun in TextEdit.The notebook is pretty valuable, although I suspect it would be of less use in a science/maths lecture. Easy text formatting for highlighting different pieces of information within the structure of the notes, useful for looking up relevant information, and of course I can type faster than I can write, so while putting down the import

Re:

[StikyPad]

Ah, so just like work then.

Re:

[Doctor Faustus]

I suspect it is more of a distraction than anything else.
And a way to stay awake.

Re:

[Timmmm]

Only in America. Nobody does in the UK. (Ok, there are always a few idiots...)

Then again, we got fill-in-the-gaps style handouts in our (Cambridge Engineering) lectures. Sounds silly but it was actually really good, for the following reasons:

1. Keeps you awake and concentrating - if you don't listen you don't get complete notes.
2. There's no way you could reproduce the volume of material gone through in the lectures.
3. You can draw diagrams - try doing that in real time on a laptop.

Re:

[nicolas.kassis]

That says a lot about the usefulness of lectures now days. I'm one of the worst offenders in class. But at least I'm coding something useful OR posting on slashdot ;p I know this will break most lecturers heart but most student don't understand much listening to lecture. It's usually a water hose of information that don't compare to good online notes. At least for the more visual students.

Re:Laptop Useage in Class?

[Monkeedude1212]

In my class 2 years ago, it was pretty much mandatory. Prof would be walking you through a PHP script for logging onto the server. If you weren't following along, you were considered not learning the skill.

In this way, the prof could look around at everyones laptop. He'd be able to see how people coded differently, and give suggestions on how to either improve their style, or what languages they'd be most comfortable in, what editor they might like, etc etc. It went beyond simple reading of the code, it was an inspection of how you wrote the code you did, and I found it very helpful.

Re:Laptop Useage in Class?

[HeckRuler]

That sounds awesome. A hell of a lot better then my ComSci department that made us write out code on paper for the tests.

Re:

[HungryHobo]

Oh I'm in comp sci now and we still have to do tests on paper.
If anything we do use the computer labs for tests less than most of the rest of the science faculty.

Though to be fair we're also far more likely to figure out how to bork the system to cheat which would only be fair in a security exam.

Re:

[Monkeedude1212]

He was an amazing Prof, and a good deal of them were similar, it was a small classroom of about 40 folks, unlike the 100 person lecture halls at Universities. Thats why I prefer the Polytechnic. It might not be as impressive on the resume but its hands on training that companies can respect if their HR department is smart.

Don't get me wrong, there is always that one prof no one likes. I remember learning how to use VB in Excel... As if that class wasn't bad enough, we had an old military commander who would

Re:

[ceoyoyo]

Coding on paper makes you a better coder. Be thankful you had a CS department that made you do that. Few do anymore.

Re:

[Nadaka]

My most annoying test was writing a grammar and recursive descent parser for a set of complex regular expressions on paper.

That professor was simultaneously the best and worst teacher I have ever had. He was a total hard ass, but if you managed to pass his classes, you really ended up learning.

Re:

[StikyPad]

I hate wrist craps, especially when they're watery.

Anyway, the benefit of taking tests like that is that you don't *have to* debug. Syntax is usually a secondary concern (if it's a concern at all -- we were allowed to use pseudocode), and design is emphasized over implementation.. which is good, because any monkey can debug or look up syntax (and even the most skilled coders will have to), but creating an elegant design takes some amount of skill and insight.

Re:

[blackfrancis75]

what languages they'd be most comfortable in,

And here I thought programmers were meant to be versatile, and chose the best language for the task at hand.
At least, that's the utopia we should be teaching students when they're just starting out, surely ;)

Re:

[gront]

Yes. Absolutely.

http://www.washingtonpost.com/wp-dyn/content/article/2010/03/08/AR2010030804915.html?hpid=topnews&sid=ST2010030805078

Re:

[AnEducatedNegro]

son, I was in university 10 years ago using my laptop in class. it's great for taking notes, though i am more jealous of kids nowadays because they have tablets and ipads. how i would have killed for that instead of using a wacom tablet and a laptop....

it was also to disguise the fact that i was writing video games in my intro to computer architecture classes

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[rwa2]

Probably not anymore... now if you had a CDMA / GSM / EDGE 3G sniffer, that might be entertaining nowadays...

Re:

[Anonymous Coward]

Yes, and despite your skepticism, it's actually useful:
-Take notes
-look up a reference that the prof didn't bother to explain
-If you're bored, you can pay half attention instead of just falling asleep.

Mind you, like the rest of college, you get out of class what you put into it. There are certainly kids who go to class for attendance points and spend all period playing farmville.

Re:

[HeckRuler]

Yeah, I can type a hell of a lot faster then I can write. And I can actually read it afterward!

Re:

[Hunter0000]

Speaking for myself, I find them a good distraction during mandatory classes with professors I have already discovered can't teach whatsoever and I am better off reading the book (and sometimes I do that instead of use a laptop). For those who can though, I never do.

At least at my uni you can usually tell how respected the professor is by how many laptops/iPhones/random gadgets are being used in-class.

Re:

[Bakkster]

At least at my uni you can usually tell how respected the professor is by how many laptops/iPhones/random gadgets are being used in-class.

Or, at least how easy the class is. I knew 90% of the subject matter in my physics and chemistry classes, yet was forced to attend physics by electronic attendance. I just distracted myself until there was an interesting demonstration or an interactive question for participation points.

Re:

[Securityemo]

Yeah, sure, why not? If you can't keep attention, that's your problem.

Re:

[Quantumstate]

At my maths course in the UK there are two people who use laptops in lectures, one is a laptop which converts into a tablet so the guy takes note with a stylus. Then other guy types the notes up using Word 2007. Everybody else uses paper. The only exception is the computing course (introductory programming) where a lot of people had laptops and which were recommended.

Re:

[Quantumstate]

It is not that people don't have laptops, virtually everybody has a laptop (apart from a few desktop users like me). I don't know of a single person without a computer.

A computer is essential unless you want to visit the computer lab every other day to check for emails.

There just isn't a culture of having laptops here which perpetuates itself.

Re:

[cgenman]

When you're not taking class in a room full of computers. All of my grad classes have involved desktops in front of us. Add to that students who have both laptops and iphones / androids out in front of them, and you have a pretty wired group. iPads are just starting to filter in, but look perfect for keeping up with information.

They're great for taking notes on. You can take some detailed notes, then send them around to absent students after class, or search your notes for snippets. Eight months later

Re:

[NewbieProgrammerMan]

You should go take a class (any class), and sit in the back. I've seen people browsing ESPN for the whole lecture, playing Flash games, reading the news, voting on $HOT_OR_NOT_CLONE, looking at page after page on $PICTURE_CAPTIONING_SITE, you name it.

For bonus entertainment, try to get in on study groups with these same people to hear them gripe about how hard it is to learn the course material.

Re:

[jellomizer]

It is far more common now...

I Graduated from my Undergrad about 9 years ago too. The people who actually used their laptops during class were considered arrogant rich snobs. Who just wanted to show off their bling. Most students didn't have laptops, it was only reserved for either the Arrogant Rich Snobs or the people who live so far away from the college that they need to fly to school so they have a small computer to bring. The really techie people of the time had the huge desktop towers 2 feet tall

Re:

[pjt33]

I graduated from university 8 years ago and already some people were using laptops during lectures. Not just CompScis either.

Re:

[pluther]

Hell, I was using a notebook (as we called 'em back in Ye Olden Days) computer in class back in 1990, and I wasn't the only one.

No wireless, though, so I didn't surf the web with it.

No web either, come to think of it...

Re:

[SmilingBoy]

Not in European universities which are the only ones I have been to. Many students had a laptop towards the end of my studies but none of them took them into class. WiFi or UMTS (or even GPRS) did not exist at this time. I should add that I studied economics and not computer science. We did have some (econometrics) classes in computer labs, but that was about it...

Re:

[ElectricTurtle]

You're kidding right? You didn't even have 802.11b? That came out eleven years ago and was all over my university when I was there eight years ago (where I also used a laptop in class, and I know the law students were all required to have laptops). So do Europeans have fire? Or the wheel? I mean please.

Re:

[SmilingBoy]

11 years ago was 1999, and that was maybe when the standard was released. I left university in June 2001. Two years are not a lot of time to build up a wireless network. I certainly have not heard of anybody using the Internet over a wireless network until maybe 2002 or 2003 and started using it myself in 2005 only (in hotels).

Re:

[ElectricTurtle]

Jesus you people must live in caves. In 2002 wireless was ubiquitous both at Seattle University where I was going and Seattle in general. You couldn't swing a cat without hitting a place that offered wireless access and many used it.

Re:

[SmilingBoy]

It was at a top university in London, so not really a cave.

Re:

[ElectricTurtle]

I'm not talking about just the university, I'm talking about the whole city. Wireless was pervasive throughout the entire metro-area. I know, I used to wardrive Seattle starting in 2002. Every neighborhood had access points.

Re:

[Bakkster]

Availability isn't the same as cultural standards for their use. One might assume that his university discouraged (either actively or through peer pressure) their use in class, and he is surprised that acceptable standards have changed.

It used to be that you excused yourself to the bathroom to use your smart phone, and using it when company was present was seen as disrespectful. Now blackberries are used in the middle of meetings, and teenagers text while carrying conversations with others in the room.

Re:Laptop Usage in Class?

[Tetsujin]

I haven't been to university for 9 years, but are students really using laptops during class???

You're kidding, right? Did you forget a digit?

The first laptops came out, what, a little over twenty years ago? They appeared in university classrooms about five minutes after that.

I was in college around the same time period - late 90s. Yes, laptops existed. Personally, though, I couldn't afford one. My sister bought herself a laptop running Windows 95 - a 90 MHz Pentium, I think it cost her over $1000 at the time. (And since she bought it on a credit card, with interest it became a real beast to pay off...) I don't think she used the battery very much - mostly it was to replace her old dedicated word processor machine and act as her dorm-room PC.

And then, apart from the whole c

It's not uncommon...

[zero_out]

It's not uncommon. In fact, at my alma mater, the students do the same thing in their IT security class. It's an exercise to show how easy it is to sniff packets, and find passwords for things like email accounts. This is meant to encourage better security. If the students don't know why something is important, they won't care. When I was in grade school, many kids didn't see why algebra was important, so they didn't care, and didn't bother learning the material.

Re:

[QuantumRiff]

At my school, after sniffing one lecture, I went right on down to the IT department, and showed them my packet sniffings of a proffessors machine infecting 6 unpatched machines in the library. They thanked me for it.

Re:

[rgviza]

At my school (ASU), after sniffing one lecture, I threw up a little in my mouth. Damned sweaty bohemians that think a magic crystal works as deodorant. Not in Arizona heat...

totally offtopic, but fun

[oddTodd123]

Wikipedia will do this to you. I clicked the link for Robert Morris, followed links to read about his first startup, and found their original business plan, which contained this gem in their list of needs, dated 8/24/95:

2. Secure server software ($5000). This does not seem to be an absolute necessity; there are a lot of sites on the web where you can send your credit card number unencrypted, and to date there have been no reports of the numbers being stolen. But catalog companies may *believe* that a secure link is necessary, and spending this $5000 would give Webgen a much more professional look.

Money well spent

[Reason58]

FTFA:

I got permission from Robert Morris and Sam Madden to monitor the wireless traffic during their Computer Systems Engineering class and made an announcement at the beginning of a class period explaining what I’d be doing.

He told everyone up front he was going to do this and people were still chatting, watching TV, reading about Warcraft, and updating their blogs. Just imagine how bad it would have been if he hadn't said anything. I bet some hard working people who were rejected by MIT are really happy to read this.

Re:Money well spent

[Chapter80]

Awesomely, AIM, Jabber, MSN Messenger, and Yahoo! Messenger were all represented in the traffic...

AIM is the clear favorite.

I've lost respect for MIT's admissions process.

Re:

[CAIMLAS]

I have to wonder: where is the IRC connection?

Re:

[cgenman]

I'm kind of surprised that they don't announce this at the beginning of every class, log all interactions, and present that data back to the student when deciding upon grades. When people know they're being watched, they tend to behave differently.

Re:

[HeckRuler]

Well those hard working people apparently weren't smart enough to sail through highschool physics/calculus, since they apparently had to work at it.

It's a real kick in the pants, but some people are quick, clever, and sharp enough to achieve in a few minutes what it takes you hours to do. Life isn't fair, deal with it.

Re:Money well spent

[Reason58]

There is a lot to be said for work ethic. Trust me, I know. I'm posting this from work.

hmm

[hypergreatthing]

you need permission to receive radio transmissions?

What's next? permission to listen to people shouting at others across a room?

Re:

[arth1]

Bad anology. It's about the expectation of privacy.

If I sit stark naked in my recliner at home, nothing prevents a passing balloonist from filming me through the window, but if he did so, I would still call it invasion of privacy. Because my expectations are that no-one will see unless they actively take steps to do so.

Similar for WiFi -- no-one will overhear the traffic unless they actively take steps to do so. When they do, it's an invasion of privacy.

Re:hmm

[Lumpy]

you can call it all you want. The Law states that any photo taken from outside the property is not. That is what matters, not what you think.

It's how I dealt with a Asshat neighbor. pointed a security cam at his house. Caught him throwing trash over the fence to the next door neighbors. I sent the footage to the cops and he got nailed. He threatened to sue me based on "invasion of privacy" and I dared him to do it, i even egged him on with" you ain't got the balls" and 'chicken" because I know the judge would eat him alive.

It's also why you can be arrested for indecent exposure when you are naked in your home. If I can see your dirty naughty bits from outdoors.

if you want privacy, keep the blinds closed.

Re:hmm

[swb]

Don't egg anyone on. It raises you to "willful participant" status.

Had it escalated to a physical confrontation you may have had trouble claiming self defense.

You always want to remain a "reluctant participant".

Re:

[rgviza]

>It's also why you can be arrested for indecent exposure when you are naked in your home.
yup. happened in my neighborhood.

Re:

[Mister Whirly]

If you are broadcasting radio waves that can be picked up by anyone within broadcast range, your expectation of privacy should be zero. It would be different with wired, becasue that would mean someone would need physical access, and would most likely be trespassing and possibly breaking and entering to obtain physical access. When I can sit out in front of your house on public property and receive radio waves you are sending out, no crimes are being committed. What I am doing is passive, not active - the o

Re:

[butlerm]

18 USC 2511 (g): It shall not be unlawful under this chapter or chapter 121 of this title for any person (i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

Unless intercepting unencrypted wireless traffic on an open network is a violation of some other law, it appears the Electronic Communications Privacy Act doesn't restrict it at all. (I posted this on th

Re:hmm

[CraftyJack]

It's called "civility".

You ask before doing things could piss other people off even when you are technically within your rights to do so, and other people are willing to cooperate with you to mutual benefit.

You can choose to forgo "civility", but then other people will refer to you as an "asshole" and you will have fewer opportunities to benefit from non-zero-sum cooperation.

Re:

[Chapter80]

Not sure where you're from, but just an FYI... In many states, it is legal for one party of the conversation to record a phone line without the permission of the other. However, some states are "Two Party Notification States". [wikipedia.org]

Re:

[drinkypoo]

You need permission to tape a conversation over the phone

Not if I'm taking part in that conversation, unless I go to some shitty state where I have even less rights than California.

Re:

[pluther]

Actually, California is one of the aforementioned states that require both parties on the phone to be notified of recording.

Fun tip, though: If you call a company and get a message that "To insure quality of service, this call may be recorded," this implies two things:
1. If you don't hang up, you are giving permission to be recorded.
2. Since they're stating it, they are also giving permission to be recorded (otherwise their recording would be illegal), and thus you can make your own recording and produce it

Do nothing. Act casual.

[Itninja]

from TFA: "...monitor the wireless traffic during their Computer Systems Engineering class and made an announcement at the beginning of a class period explaining what I'd be doing."

So does this represent what would really be so if he hadn't told them ahead of time?

One up

[Skyshadow]

Shoulda saved the results of the sniffing to Richard Stallman's account for old times sake.

Some more RAW wireless data

[punit_r]

CRAWDAD [dartmouth.edu] is a community based effort of sharing data captured on a wireless network, only after anonymizing. This has proved to be very useful to the research community in general.

Very real statistics about the protocols used and the kind of traffic patters observed over a period of time can be observed from the data sets. All of this with users not being very conscious of their activities. I say this because some of the data sets are for durations as long as 5 years. It is a lot easier to avoid surfing pron

It beats sniffing MIT students

[RandomUsername99]

It beats sniffing MIT students. Trust me.

Comment removed

[account_deleted]

Comment removed based on user account deletion

WWW != Internet

[Mostly Harmless]

From TFA: "Using the Internet means a lot more than HTTP traffic!"

Maybe that's because the Web != the Internet? I know that the Web represents most of the active time many people spend on the Internet, but really? When did the two become synonymous?

Nothing new at MIT

[JelloJoe]

Nothing new here. The same thing was done in 2005 when I was in the class. It was done by the professor himself and the next day he was able to display the IM conversation two kids were having in the class. One end was encrypted so he didn't think he could be caught, but the other end was not, so the prof was able to display the chat. Basically the chat had something to do about how bored the student was. It was quite amusing.

Re:

[longacre]

No it didn't. profile.ak.fbcdn.net = facebook.

Re:

[Monkeedude1212]

You thought it just... went away?

I don't see how IMing would ever go away...

Re:

[betterunixthanunix]

Perhaps if all instant messaging was being done using AJAX? Gchat, Facebook's IM feature, etc. This would not show up as "instant messaging," just more HTTP traffic, unless I am missing something.

Re:

[Monkeedude1212]

Ah, makes sense when you put it that way. I still considered those as "Instant messaging" services.

In fact, I don't think any of those web browser chat features use port 80 or 8080 or 443. But I might be mistaken. I thought its not HTTP at that point, but a webapp running on its own.

Re:

[HeckRuler]

You know how your cell phone can "text"? You know how kids these days are all over that shit?

Well he's a pro tip, you can also do that with a computer.

Re:

[hvm2hvm]

really? so what's the next step from IM? the one that should have made it obsolete already...

actually, now that i think about it, you're probably just trolling considering your question about myspace

Re:

[treeves]

One wonders what fraction of the students understood what it meant that the packets would be sniffed.