A Few Reasons Why Firesheep May Not Work

Like many people that deal with computers, my colleagues and I downloaded and tried out Firesheep. I was using the application on a wired network switch on Windows Vista and my colleague was using the application on a wireless WPA encrypted connection on Windows 7. We were surprised to see that neither of them worked out of the box.

The first hurdle we encountered was some sort of _cc error. After looking at the error messages, it was obvious that we needed to download the WinPcap driver to get Firesheep to do anything at all. After we got WinPcap installed, we could still only watch ourselves logging into sites. Why is that?

Well, because I was on a network switch, it means that my traffic was being routed to and from me, not involving everyone else on our network. In order to see everyone else's traffic, I would have needed to do what is refereed to as ARP poisoning on the network switch. This would trick the switch into sending everyones traffic my way. A network switch keeps what is called an ARP table that associates MAC addresses to IP addresses. It allows efficient network traffic routing directly to and from targets instead of blasting packets to everyone on the network like old hubs did.

The reason my colleague on the WPA encrypted network couldn't see any traffic was due to a feature of WPA encryption called "client isolation". If you want to find out more about these scenarios I would recommend listening to Security Now 272. Steve does a great job; as always of explaining in detail Firesheep.