8.6. TAKING ADVANTAGE OF SSL

One of the most likely risks associated with network communication has, for a very long time, been snooping or interception of network traffic. On early ethernet networks, all the packets were distributed on the same wire (the eponymous "ether") and so could be viewed by any of the computers on the network. This was still true in the days of hub-based network topologies, when the hardware redistributed every packet to every network interface. For a short time switches were employed, which were usually capable of routing a packet only to its destination interface. Nowadays switches are still common in large, high-traffic installations, but the "final hop" of a network is commonly based on wireless communication. Wireless network traffic is again undirected, with the result that anyone with a receiver within the transmission distance of the base station can read any transmitted data.

Ordinarily a "gentlemen's agreement" exists among interfaces on a network, to prevent any of them from reading traffic bound for another interface. Each packet is addressed to a specific interface, identified by its Media Access Code (MAC address). When a system reads a packet whose destination does not correspond to its MAC address, it disregards the packet. That agreement can easily be ignored. Interfaces can be put into promiscuous mode, when they stop checking the destination MAC and pass every packet received on to the operating system.