Frequently Asked Questions
Note: for best performance please upgrade to version 2.2.3
Please send all bug reports to
so we can fix them!
What data does Carnivore monitor? Your data. Whatever network you
are plugged into. If your computer is at work, then Carnivore will
"hear" the web traffic from your co-workers. If you take Carnivore
home, then it will "hear" the data at your home... and so on.
Can I make my own client for Carnivore? Yup, that's the whole point ;-) Simply launch
CarnivorePE and make a network socket connection to "localhost" on port
6667 and you are home free. To try it, just open a Terminal window (Mac) or DOS window (Windows)
and type: telnet localhost 6667. We have templates available on the download page for Flash, Java, Perl,
etc. to help you if you want. There are three flavors that CarnivorePE
can output: A) full packet data in ASCII, B) full packet data in strings
of hex code, or C) packet headers only. CarnivorePE will default to C,
but you can make your client switch to A by sending the following
command to CarnivorePE (i.e. printing to localhost port 6667): JOIN #carnivore,
or switch to B by sending the following command:
JOIN #hexivore. Or you can switch it manually.
Can you explain the format for the data that CarnivorePE
outputs?
The format has changed in version 2.2!
Please view this diagram.
The format is like this: timestamp senderIPaddress:senderPort > receiverIPaddress:receiverPort. Then
depending on which flavor you are receiving you will get some
combination of packet data after that.
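Added example (not part of the original FAQ and not one of the project's own templates): a minimal Python client for the socket interface and line format described in the two answers above, which parses each line and counts packets per receiver port. It assumes newline-terminated lines, IPv4 addresses, an opaque timestamp, and a CRLF after the JOIN command; the function names and the sample lines are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Assumed line shape, from the FAQ: "<timestamp> <ip>:<port> > <ip>:<port> [data]".
# The timestamp is kept as opaque text; IPv4 addresses are an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>.*?)\s*"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5})\s*>\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d{1,5})"
    r"(?:\s+(?P<data>.*))?$"
)

def parse_line(line):
    """Return a dict for one CarnivorePE line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    if rec["sport"] > 65535 or rec["dport"] > 65535:
        return None  # not a valid port number, treat the line as noise
    rec["data"] = rec["data"] or ""  # empty in header-only mode (flavor C)
    return rec

def tally_receiver_ports(lines):
    """Count parsed packets per receiver port, skipping unparseable lines."""
    recs = (parse_line(line) for line in lines)
    return Counter(r["dport"] for r in recs if r)

def stream(host="localhost", port=6667, channel=None):
    """Yield lines from a running CarnivorePE; channel is e.g. "#carnivore"."""
    # Assumption: the JOIN command is terminated with CRLF.
    with socket.create_connection((host, port)) as sock:
        if channel:
            sock.sendall(f"JOIN {channel}\r\n".encode("ascii"))
        with sock.makefile("r", encoding="latin-1", newline="\n") as fh:
            yield from fh

# Constructed sample lines (not real captures); the timestamp format is a guess.
SAMPLE = [
    "12:00:01 192.168.1.10:51000 > 192.168.1.1:53",
    "12:00:02 192.168.1.10:51001 > 203.0.113.5:80 GET / HTTP/1.1",
    "12:00:03 192.168.1.11:51002 > 203.0.113.5:80",
    "not a packet line",
]

if __name__ == "__main__":
    print(tally_receiver_ports(SAMPLE).most_common())
```

With CarnivorePE running, tally_receiver_ports(stream()) consumes the live default (header-only) output instead of the sample.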
What do the port numbers mean? Each port represents a
different type of communication that's going on. For example, email is
on one port, while web pages are on another. You can read a sample /etc/services file to see how
specific port numbers map to specific services. Yes, there are a lot of them...
Here is a shorter list of services to start with.
I launch CarnivorePE and nothing happens...
CarnivorePE is simply a surveillance engine that you run in the background. To
actually see something interesting you must install and launch any number of
artistic clients.
Where can I download client templates?
From the download page.
Why is CarnivorePE not showing all traffic on my LAN?
Why can I only sniff UDP packets?
This happens when using a switched hub on your LAN. Check your
hub/router. If it says "switch" you're out of luck. Switched hubs send
data directly to each computer on the LAN rather than broadcasting,
essentially disabling the ability to packet sniff other people's TCP traffic. Sucks,
huh?
solution #1: put a dumb, unswitched ethernet hub
(30 bucks at Best Buy) immediately downstream from your router, then plug all
your local machines in to that. You will be able to sniff everything downstream of the
unswitched hub.
solution #2: even on a switched hub you will always be able to sniff the data coming to/from
your own machine. So design a client for which this constraint is an asset.
solution #3: TCP is boring, make a client that responds to other kinds of packets =)
Is CarnivorePE open source?
Yes. Email us for the code. The source is covered by
the GNU General Public License.
I'm making a client, can I use the Carnivore logo?
uv courz. here's an eps of the logo, which
incidentally was designed by Ryan McGinness
Where can I learn more about TCP/IP, packet sniffing, etc.?
Our favorite two books on TCP/IP are Stevens's TCP/IP Illustrated, Volume 1 (Addison Wesley) and
Hall's Internet Core Protocols (O'Reilly). Or try searching on
Sniffing FAQ.
The RFCs on TCP and
IP are also quite interesting and helpful.
Is Carnivore spyware?
Nope. Carnivore does not communicate back to any central server.
Carnivore caps output at 20 packets per second.
Fixed in version 2.2.3. Setting the packet volume to 20 or higher will now
result in unlimited packets per second throughput from Carnivore.
CarnivorePE crashes on Windows Service Pack 2
Fixed in version 2.
CarnivorePE crashes on Mac OS X Server
Fixed in version 1.4.2.
Can I use CarnivorePE to steal passwords/email/etc? Well
probably. But you can also go rob banks, cheat, steal and do other
stupid illegal shit. If stealing passwords is your lamer pastime, then
please leave us out of it. Carnivore is a creative project that, while
technologically invasive, is in fact respectful of existing laws and
individual privacy. You should be too.
Is CarnivorePE available for Linux?
Yes, we have Linux versions available for download starting with 2.2.2. We've only tested it on
Ubuntu but it seems to work well.