Carnivore. The Electronic Surveillance Tool. Pedro E. Cusinga CIS450 Strayer University. Some Statistics. Not even ten years ago, most people didn’t know what the Internet or e-mail was. Before that, most people didn’t have computers at home or at work
The Electronic Surveillance Tool
Pedro E. Cusinga
Counterattacking criminal activities
Investigating and deterring such wrongdoing requires not only tools and
techniques designed to work with new and evolving computer and network
technologies, but also working in coordination with and under the
supervision of the Department of Justice.
The decision to use Carnivore comes only after a criminal investigation has proceeded substantially.
Carnivore is a very specialized network analyzer or “sniffer” which runs as an
application program in a normal computer under the Microsoft Windows
It works by “sniffing” the proper portions of network packets and copying and
storing only those packets in conformity with the court order.
The Carnivore device provides the FBI with a “surgical” ability to collect only the
data they are looking for while ignoring those communications which they are
not authorized to intercept.
Carnivore is superior to any commercially available “sniffer” tool. Commercial
sniffers are typically designed to work only with fixed IP addresses. Carnivore, on
the other hand, was specifically designed to interface with ISP networks so that
when dynamic addressing occurs it can immediately respond to it.
The example above shows how the system identifies which packets to store
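The difference between a fixed-address filter and one that follows dynamic addressing can be sketched in code. This is an added illustration, not Carnivore or DragonWare code: the page does not say how Carnivore learns a subscriber's current address, so the sketch assumes address assignment and release events are visible in the same stream as the packets, and every name, account and address in it is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assign:            # assumed event: the ISP gives `ip` to `account`
    account: str
    ip: str

@dataclass(frozen=True)
class Release:           # assumed event: `ip` goes back to the pool
    ip: str

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str

def tracking_filter(events, target_account):
    """Store only packets to/from the address the target holds right now."""
    current_ip, stored = None, []
    for ev in events:
        if isinstance(ev, Assign):
            if ev.account == target_account:
                current_ip = ev.ip          # follow the target to its new address
            elif ev.ip == current_ip:
                current_ip = None           # address now belongs to someone else
        elif isinstance(ev, Release) and ev.ip == current_ip:
            current_ip = None               # target logged off: stop collecting
        elif isinstance(ev, Packet) and current_ip is not None \
                and current_ip in (ev.src, ev.dst):
            stored.append(ev)               # everything else is never recorded
    return stored

def fixed_ip_filter(events, ip):
    """A fixed-address filter: stores every packet touching one IP."""
    return [e for e in events if isinstance(e, Packet) and ip in (e.src, e.dst)]

# Constructed sample stream: the target's address changes mid-capture and
# its old address is handed to an unrelated subscriber.
SAMPLE = [
    Assign("target", "10.0.0.5"),
    Packet("10.0.0.5", "192.0.2.25", "target mail 1"),
    Packet("10.0.0.9", "192.0.2.25", "unrelated"),
    Release("10.0.0.5"),
    Assign("other", "10.0.0.5"),
    Packet("10.0.0.5", "192.0.2.25", "other user's mail"),
    Assign("target", "10.0.0.7"),
    Packet("192.0.2.25", "10.0.0.7", "target mail 2"),
]

if __name__ == "__main__":
    print("tracking:", [p.payload for p in tracking_filter(SAMPLE, "target")])
    print("fixed IP:", [p.payload for p in fixed_ip_filter(SAMPLE, "10.0.0.5")])
```

On this sample the fixed-address filter both records another subscriber's traffic and misses the target's later traffic, which is the over-collection and under-collection the tracking filter avoids.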
The Carnivore system architecture comprises:
1- A one-way tap into an Ethernet data stream
2- A general purpose computer to filter and collect data
3- Additional general purpose computers to control the collection and examine
4- A telephone link to the collection computer, and
5- DragonWare software written by the FBI.
DragonWare includes Carnivore software to filter and record IP packets and
Packeteer and CoolMiner, which are two additional programs that reconstruct
e-mail and other Internet traffic from the collected packets.
Carnivore is connected to a 10Base-T Ethernet using a Century Tap made by Shomiti Systems. In a typical installation, an existing line is disconnected from a hub or switch and plugged into port A of the tap. A new line is run from port B to the hub/switch. The tap passes the traffic along the line from A to B and from B to A as if it were a standard cable. At the same time, it takes a copy of the transmit data in each direction and feeds it to ports 1 and 2. Additional cables connect ports 1 and 2 to a standard hub. This connection ensures that both sides of the communication on the Ethernet appear at the hub, but no data can be sent from the hub. The Carnivore system is then connected to any open port on the hub.
This cabling arrangement and the Shomiti tap ensure Carnivore is in a receive-only mode. The FBI technicians who install Carnivore work with ISP personnel to have Carnivore connected to the smallest bandwidth pipe possible.