Which FW protects my laptop from being sniffed datas without using VPN?

Hello,
In a LAN or a Wifi Hotspot, I don't want people can sniff my data like instant messaging, web page I visit... So which firewall can protect me? I don't want to use VPN. Thanks a lot!

PS: Sorry for my bad English.

 

Firewalls help control inbound and outbound port use on your PC but don't do data packet encryption. To do what you want you need a VPN or the website you connect to needs SSL (https in the URL) enabled.

 

Thanks! I understand now ^^

 

Especially when using an open Wifi hotspot (without any data encryption), you will have to make sure yourself about which sites offer SSL login (but also send cookies over unencrypted http back to you) and those sites that offer full SSL sessions like GMail and Hotmail.

To avoid any issues, simply don't use sites/services that don't offer full SSL and personal data is involved, if you use any open/unencrypted Wifi Hotspot connection.

 

If my Wifi uses WEP or WPA, WPA2, will I be secured from being sniffed data?
One more question, in a LAN, can people sniff my data?

 

nothing safe with encrypted wifi anymore, thanks to the man-in-the-middle vulnerability, you are safe against someone outside your network, once into your local network anything can be done, VPN is the best solution.

http://news.softpedia.com/news/WPA2-Vulnerability-Allows-for-Man-in-the-Middle-Attacks-149052.shtml

 

Surely this does not apply to the average home user environment.

The flaw, mentioned in the link, named Hole 196;
'lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.' link.

VPNs are excellent, I agree, for outside of the home but the average home user with a WPA connection, or even better WPA2 AES, doesn't need to be worried about this vulnerability.
Like you wrote yourself, one is safe against attackers from the outside so 'nothing is safe' sounds a bit stretched.

 

If you meant the sniffer suspect is 3rd party suspect not the hotspot/net provider, you just need anti arp program installed or use blacklist arp snooping feature on your preferred firewall, this is a flaw in ipv4 design, if you are a provider you need thousand dollar router to prevent arp snooping(dynamic arp inspection), or you could use linux or bsd and run anti free dynamic arp inspection program on it, you will be free from those people who use arp snooping to sniffing you, but if you meant the hotspot provider, you have no other choice like others here said to use VPN(if the provider doesn't block it).