If one familiarizes themselves with how packets are structured, it soon becomes apparent that there are all sorts of places to squeeze extra information in that does not alter the packet in any way that prevents communication and yet allows for the transmission of information that will be “invisible” to most.
For example let’s pretend this is how a pretend packet is structured.
[ Destination | Source | Packet Length | Sequence | Checksum | Options | Data ]
Each field has a set bit length and can be used to transmit information as a normal method of communication. Perhaps a connection to a mail server, web site, IM session or any other number of methods of communications.
The idea is that you fit your extra bits into portions of the packet that don’t alter the usage or outcome in their normal day to day transmission. In this pseudo-packet perhaps in the [Options] field. Then your packets can stream along just like they normally would, but if you knew what you were looking for you could also be communicating alternative information without interfering or even being particularly noticeable to the rest of the world.
Such is the idea behind The DNS Dead Drop. There are a few more critical points about DNS that make this possible. However, it is a working example of how to hide and communicate data in the wild implemented in Python. Cool!
