July 20–24, 2015
Portland, OR

High adventures in sniffing my own metadata

Josh Deprez (Google Australia)
2:30pm–3:10pm Wednesday, 07/22/2015
Protect D139/140

Prerequisite Knowledge

Attendees should be generally aware of computers, Linux, and networking, but the basics will be covered.


Governments around the world love “metadata” and want to collect it, which is generally interpreted to mean ubiquitous no-opt-out eavesdropping on the internet at large.

So, what could somebody learn by capturing the metadata from my home broadband? What are my browsing habits? Which servers, in which countries, am I hitting? Which of my devices and applications are phoning home without my knowledge? Was my home network compromised by outside attackers?

I wanted to find out, and the answers are on the wire. So I set up a computer to perform transparent packet capturing and logging of the data found in IP and cleartext HTTP headers. The machine is consumer-grade, running Debian with two bridged Ethernet interfaces, and a reasonably simple program written in Go with the gopacket/pcap library, logging to a timeseries database.

This talk will cover the technical setup of such a device, why you might want to do this to debug networking problems, and the things I learned by doing this to myself for a few months.
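To make concrete what "the data found in IP and cleartext HTTP headers" amounts to, here is an added example; it is not the speaker's program. It uses only the Go standard library rather than gopacket/pcap and reads a constructed frame instead of a live capture. The names `Meta`, `Extract` and `SampleFrame` are illustrative.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
	"net/http"
)

type Meta struct { // what a passive observer learns from one cleartext HTTP request
	Src, Dst                      net.IP
	SrcPort, DstPort              uint16
	Method, Host, Path, UserAgent string
}

// Extract reads only Ethernet/IPv4/TCP headers and HTTP request headers; bodies are never parsed.
func Extract(f []byte) (m Meta, err error) {
	if len(f) < 54 || binary.BigEndian.Uint16(f[12:]) != 0x0800 || f[14]>>4 != 4 || f[23] != 6 {
		return m, fmt.Errorf("not an Ethernet/IPv4/TCP frame")
	}
	ip := f[14:]
	ihl, total := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:]))
	if ihl < 20 || total < ihl+20 || total > len(ip) {
		return m, fmt.Errorf("bad IPv4 header or truncated capture")
	}
	tcp := ip[ihl:total] // honouring the IPv4 total length drops Ethernet padding
	off := int(tcp[12]>>4) * 4
	if off < 20 || off > len(tcp) {
		return m, fmt.Errorf("bad TCP data offset")
	}
	m.Src, m.Dst = net.IP(ip[12:16]), net.IP(ip[16:20])
	m.SrcPort, m.DstPort = binary.BigEndian.Uint16(tcp), binary.BigEndian.Uint16(tcp[2:])
	if r, e := http.ReadRequest(bufio.NewReader(bytes.NewReader(tcp[off:]))); e == nil {
		m.Method, m.Host, m.Path, m.UserAgent = r.Method, r.Host, r.URL.Path, r.UserAgent()
	}
	return m, nil
}

// SampleFrame builds a constructed frame: documentation addresses, zeroed MACs and checksums.
func SampleFrame() []byte {
	req := "GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: demo/1.0\r\n\r\n"
	h := make([]byte, 54)                            // 14 Ethernet + 20 IPv4 + 20 TCP
	h[12], h[14], h[23], h[46] = 0x08, 0x45, 6, 0x50 // EtherType, version/IHL, TCP, data offset
	binary.BigEndian.PutUint16(h[16:], uint16(40+len(req))) // IPv4 total length
	copy(h[26:], []byte{192, 0, 2, 10, 198, 51, 100, 7, 0xC0, 0, 0, 80}) // src, dst, ports 49152 -> 80
	return append(h, req...)
}
func main() { fmt.Println(Extract(SampleFrame())) }
```

A segment that carries no parseable HTTP request (TLS, a continuation segment, a bare ACK) still yields the addresses and ports, and that is all it yields.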

Josh Deprez

Google Australia

Dr Josh Deprez works as a site reliability engineer at Google in Australia. While finishing his PhD in abstract mathematics, he worked in corporate IT Microsoft-land, did subcontracting on iPhone and iPad apps, and had an internship with Google’s information security team. He’s a bit crazy, especially when made to write about himself in the third person.