Monday, August 21, 2006
Packet sniffer
A Packet sniffer (also known as network or protocol analyzer or Ethernet sniffer) is computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications. Depending on the network structure (hub or switch) one can sniff all or just parts of the traffic from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port (it mirrors all packets passing through all ports of the switch).
The special network device driver used for some packet sniffing software is said to operate in "promiscuous mode" as it listens to everything on the wire.
