Sniffing as a Surveillance Tool

Analyzing traffic has perfectly legitimate uses. Traditional wiretaps have aided many investigations. Capturing data packets could provide similar benefits if law enforcement can make sense of all the data it has gathered. However, with more automation and less oversight, the potential for abuse is far greater in cyberspace.

  • Pen Register/Trap and Trace
  • Carnivore
  • Echelon

Pen Register/Trap and Trace

On a traditional telephone system, the government can use pen registers and trap and trace devices to monitor a suspect's phone. These devices collect routing information about the call, namely the source and destination numbers. This information is used by the phone network to establish a connection. Once the call is connected, the monitoring device stops recording.


Carnivore

Carnivore is a sniffer developed by the FBI. It collects all the packets and filters based on the source and destination addresses. This is significantly different from traditional surveillance devices because it collects the content of every stream first and deletes portions later. There has been at least one case where a glitch prevented Carnivore from deleting all the irrelevant packets. This means that the FBI had collected the content of a data stream it was not authorized to see. In order to be effective, a Carnivore sniffer needs to be placed at every ISP.


Echelon

Echelon is a collaborative surveillance effort between the United States and her allies. No details are known, but it is generally believed to involve sniffers on the Internet. Unlike Carnivore, these sniffers are probably located in other countries. This system is headed by the NSA; however, there is no single governing body and consequently little oversight of its behavior.

