Packet analyzer: Difference between revisions
Guy Harris (talk | contribs) "The Packet Sniffers" is a TV show, not an application; it might be interesting, but, if so, the link belongs in a different section. |
No edit summary |
||
Line 14: | Line 14: | ||
==Well-known packet sniffers== |
==Well-known packet sniffers== |
||
*[[Network General]] |
|||
*[[tcpdump]] |
*[[tcpdump]] |
||
*[[Ethereal]] |
*[[Ethereal]] |
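Review bot: The only entry that differs in this hunk, `*[[Network General]]` at the head of the "Well-known packet sniffers" list, arrives with "No edit summary", so the reason for changing the list is not recorded. Add a summary that says why the entry does or does not belong in a list of sniffer applications, in the way the other revision's summary explains its handling of "The Packet Sniffers".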
Revision as of 00:20, 9 December 2005
Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs (usually) or computer hardware which can intercept and log traffic passing over a computer network or part of a network. As data streams back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications. Depending on the network structure (hub or switch), one can sniff all or just part of the traffic from a single machine within the network; however, some methods (e.g. ARP spoofing) get around the traffic narrowing done by switches and give access to traffic from other systems on the network. For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port, which mirrors all packets passing through all ports of the switch.
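The decoding step described above, as an added example that is not part of the original article: a Python decoder that parses the Ethernet II, IPv4 (RFC 791) and TCP (RFC 793) headers of one frame and validates the IPv4 header checksum (RFC 1071). The sample frame, its addresses and the function names are assumptions constructed for illustration.

```python
import socket
import struct

# Constructed sample frame (not captured traffic): Ethernet II + IPv4 + TCP SYN.
SAMPLE_FRAME = bytes.fromhex(
    "00112233445566778899aabb0800"              # dst MAC, src MAC, EtherType
    "45000028000140004006b760c0a8010ac0a80114"  # IPv4 header, valid checksum
    "c0de00500000000100000000500220000000" "0000"  # TCP header (checksum unset)
)

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def ipv4_checksum_ok(header: bytes) -> bool:
    """RFC 1071: the one's-complement sum of all header words is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode the link, network and transport headers; reject malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded further
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    out.update(ip_src=socket.inet_ntoa(ip[12:16]), ip_dst=socket.inet_ntoa(ip[16:20]),
               ttl=ip[8], protocol=ip[9], ip_checksum_ok=ipv4_checksum_ok(ip[:ihl]))
    if ip[9] != 6:                   # only TCP is decoded further
        return out
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    out.update(src_port=sport, dst_port=dport, seq=seq,
               tcp_flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    return out

if __name__ == "__main__":
    print(decode_frame(SAMPLE_FRAME))
```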
The special network device driver used for some packet sniffing software is said to operate in "promiscuous mode" as it listens to everything on the wire.
The versatility of packet sniffers means they can be used to:
- Analyse network problems
- Detect network intrusion attempts
- Gain information for effecting a network intrusion
- Monitor network usage
- Filter suspect content from network traffic
- Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
- Reverse engineer protocols used over the network
See also: Wireless sniffer
Well-known packet sniffers
External links
- Free/open source packet sniffers: