Hiding information in network traffic may lead to leakage of confidential
information. In this paper we introduce a new steganographic system: the
PadSteg (Padding Steganography). To authors' best knowledge it is the first
information hiding solution which represents interprotocol steganography i.e.
usage of relation between two or more protocols from the TCP/IP stack to enable
secret communication. PadSteg utilizes ARP and TCP protocols together with an
Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret
communication for hidden groups in LANs (Local Area Networks). Basing on real
network traces we confirm that PadSteg is feasible in today's networks and we
estimate what steganographic bandwidth is achievable while limiting the chance
of disclosure. We also point at possible countermeasures against PadSteg.