Packet sniffer - Definition and Overview

Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each packet and eventually decodes its content following the RFC or other specifications. Depending on the network structure (hub or switch) one can sniff all or only parts of the traffic from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches. One of them is ARP spoofing. The special network device driver used for some packet sniffing software is said to operate in "promiscuous mode" as it listens to everything (on the wire).

The versatility of packet sniffers means they can be used to:

• Troubleshoot a network
• Detect network intrusion attempts
• Monitor the network usage and filter for suspect content
• Spy on other network users and attempt to collect their passwords
• Reverse engineer protocols used over the network

See also: Wireless sniffer

Well-known packet sniffers

• tcpdump
• Ethereal
• Ettercap
• dSniff

External links

• Packet Sniffing FAQ (by Robert Graham) (http://www.robertgraham.com/pubs/sniffing-faq.html)
• PacketDefense (http://www.packetdefense.com)
• Sniffer - Basics and Detection (http://www.rootshell.be/~dhar/downloads/Sniffers.pdf)

• Packet Sniffers:
  • Sniffer (the original packet sniffer) (http://www.sniffer.com/)
  • Ultra Network (http://www.gjpsoft.com/UltraNetSniffer)
  • Packet sniffer (http://www.sniff-em.com)
  • tcpdump (http://www.tcpdump.org/)
  • WinDump (http://windump.polito.it/)
  • Analyzer (http://analyzer.polito.it/)
  • The Ethereal Network Analyzer (http://www.ethereal.com)
  • Packetyzer (http://www.packetyzer.com/)
  • Network General - Sniffer Technologies (http://www.networkgeneral.com)
  • IPDump2, a portable packet sniffer (http://www.cr0.net:8040/code/network/)