Packet sniffer
Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each packet and then decodes its content according to the relevant RFC or other specification. Depending on the network structure (hub or switch), one can sniff all or only part of the traffic from a single machine within the network; however, there are some methods to get around the way switches narrow the traffic a machine sees. One of them is ARP spoofing. The special network device driver used by some packet sniffing software is said to operate in "promiscuous mode" because it listens to everything on the wire.
The versatility of packet sniffers means they can be used to:
- Troubleshoot a network
- Detect network intrusion attempts
- Monitor the network usage and filter for suspect content
- Spy on other network users and attempt to collect their passwords
- Reverse engineer protocols used over the network
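The decoding step described above and the intrusion-detection use from the list, as an added example that is not part of the original page: it decodes constructed ARP frames by the RFC 826 layout and flags an IP address whose claimed MAC address changes, the symptom ARP spoofing leaves on a segment. All function names, addresses and frames are assumptions constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4 (28 bytes)

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def decode_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(src), "oper": oper, "sender_mac": mac(sha),
            "sender_ip": ip(spa), "target_ip": ip(tpa)}

def find_conflicts(frames):
    """Flag frames whose ARP sender binding contradicts an earlier one or the Ethernet source."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        arp = decode_arp(frame)
        if arp is None:
            continue
        if arp["eth_src"] != arp["sender_mac"]:
            alerts.append((n, "eth-src-mismatch", arp["sender_ip"], arp["sender_mac"]))
        first = bindings.setdefault(arp["sender_ip"], arp["sender_mac"])
        if first != arp["sender_mac"]:
            alerts.append((n, "binding-changed", arp["sender_ip"], arp["sender_mac"]))
    return alerts

def sample_frame(eth_src, oper, sha, spa, tpa):  # constructed test frame, built in memory only
    eth = struct.pack("!6s6sH", b"\xff" * 6, eth_src, ETHERTYPE_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, b"\x00" * 6, tpa)

GW, HOST, ODD = bytes.fromhex("020000000001"), bytes.fromhex("02000000000a"), bytes.fromhex("020000000066")
GW_IP, HOST_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])
SAMPLE_FRAMES = [   # constructed capture, documentation addresses (RFC 5737)
    sample_frame(HOST, 1, HOST, HOST_IP, GW_IP),      # request: who has 192.0.2.1?
    sample_frame(GW, 2, GW, GW_IP, HOST_IP),          # reply from the gateway
    b"\xff" * 6 + HOST + b"\x08\x00" + b"\x00" * 40,  # IPv4 frame, ignored
    sample_frame(ODD, 2, ODD, GW_IP, HOST_IP),        # same IP, different MAC
    b"\x00" * 10,                                     # truncated frame, ignored
]
print(find_conflicts(SAMPLE_FRAMES))
```

A changed binding also occurs legitimately (a replaced network card, a reassigned DHCP address), so an alert is a prompt to investigate rather than proof of spoofing.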
See also: Wireless sniffer
Well-known packet sniffers
External links
- Packet Sniffing FAQ (by Robert Graham) (http://www.robertgraham.com/pubs/sniffing-faq.html)
- PacketDefense (http://www.packetdefense.com)
- Sniffer - Basics and Detection (http://www.rootshell.be/~dhar/downloads/Sniffers.pdf)
- Packet Sniffers:
  - Network General - Sniffer (the original packet sniffer) (http://www.networkgeneral.com)
  - Ultra Network (http://www.gjpsoft.com/UltraNetSniffer)
  - Packet sniffer (http://www.sniff-em.com)
  - WinDump (http://www.winpcap.org/windump/)
  - Analyzer (http://analyzer.polito.it/)
  - Packetyzer (http://www.packetyzer.com/)
  - IPDump2, a portable packet sniffer (http://www.cr0.net:8040/code/network/)
  - WildPackets EtherPeek and AiroPeek (http://www.wildpackets.com/products/)