A packet sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. They are available for several platforms in both commercial and open-source variations. Some of the simplest packages are actually quite easy to implement in C or Perl, use a command line interface and dump captured data to the screen. More complex projects use a GUI, graph traffic statistics, track multiple sessions and offer several configuration options. Packet sniffers are also the engines for other programs. Intrusion Detection Systems (IDS) use packet sniffers to match packets against a rule-set designed to flag anything malicious or strange. Network utilization and monitoring programs often use packet sniffers to gather the data necessary for metrics and analysis. Law enforcement agencies that need to monitor email during investigations likely employ a packet sniffer designed to capture very specific traffic.
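As an added example (not code from the original post), here is the decoding core of the kind of simple command-line sniffer described above, written in C: it takes a captured Ethernet frame, walks the IPv4 and TCP/UDP headers with length checks, prints a one-line summary, and runs a single IDS-style rule over the result. The type `flow_t`, the functions `decode_frame`, `rule_match` and `print_flow`, and the sample frame bytes are all constructed for this example; the frame is not real captured data. Actually pulling frames off the wire (a raw socket or libpcap, with the privileges that needs) is left out, since that part is platform-specific, while the parsing is the same everywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded summary of one captured frame (hypothetical type, not from the post). */
typedef struct {
    int valid;            /* 1 if the frame parsed as Ethernet/IPv4 */
    uint8_t proto;        /* IP protocol number: 6 = TCP, 17 = UDP */
    uint32_t src_ip;      /* host-order IPv4 addresses */
    uint32_t dst_ip;
    uint16_t src_port;    /* 0 when the protocol carries no ports */
    uint16_t dst_port;
} flow_t;

/* Network byte order is big-endian; read fields explicitly so the code
 * does not depend on the host's endianness or on struct packing. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse an Ethernet II frame carrying IPv4. Every offset is checked against
 * the captured length before use, because a sniffer receives whatever the
 * wire delivers, including frames truncated by a short snapshot length. */
flow_t decode_frame(const uint8_t *buf, size_t len) {
    flow_t f = {0};
    if (len < 14 || rd16(buf + 12) != 0x0800)    /* full Ethernet header, EtherType IPv4 */
        return f;
    const uint8_t *ip = buf + 14;
    size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4)           /* minimum IPv4 header, version 4 */
        return f;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* header length in bytes, options included */
    uint16_t total = rd16(ip + 2);               /* IPv4 total length field */
    if (ihl < 20 || ihl > rem || total < ihl || total > rem)
        return f;
    f.proto  = ip[9];
    f.src_ip = rd32(ip + 12);
    f.dst_ip = rd32(ip + 16);
    if (f.proto == 6 || f.proto == 17) {         /* TCP and UDP both begin with src/dst ports */
        if (total - ihl < 4)
            return f;                            /* ports would lie past the IP payload */
        f.src_port = rd16(ip + ihl);
        f.dst_port = rd16(ip + ihl + 2);
    }
    f.valid = 1;
    return f;
}

/* One IDS-style rule: flag traffic of a given protocol to a given port. */
int rule_match(const flow_t *f, uint8_t proto, uint16_t dst_port) {
    return f->valid && f->proto == proto && f->dst_port == dst_port;
}

/* Dump a decoded flow the way a command line sniffer would. */
void print_flow(const flow_t *f) {
    if (!f->valid) { puts("  [unparsed or truncated frame]"); return; }
    printf("  proto=%u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", (unsigned)f->proto,
           f->src_ip >> 24, (f->src_ip >> 16) & 0xff, (f->src_ip >> 8) & 0xff,
           f->src_ip & 0xff, (unsigned)f->src_port,
           f->dst_ip >> 24, (f->dst_ip >> 16) & 0xff, (f->dst_ip >> 8) & 0xff,
           f->dst_ip & 0xff, (unsigned)f->dst_port);
}

/* Constructed sample frame (not captured from a real network):
 * Ethernet -> IPv4 192.168.1.10 -> 10.0.0.5, TCP 49152 -> 23, SYN set. */
const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,           /* IPv4: len 40, TTL 64, TCP */
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x05,                                /* src, dst address */
    0xc0,0x00,0x00,0x17, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,           /* TCP ports, seq, ack */
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00                                 /* SYN, window, csum, urg */
};

int main(void) {
    flow_t f = decode_frame(sample_frame, sizeof sample_frame);
    print_flow(&f);
    if (rule_match(&f, 6, 23))
        puts("  ALERT: TCP to port 23 (telnet) seen");
    /* The same frame cut short, as a sniffer would receive it with a small snaplen. */
    flow_t t = decode_frame(sample_frame, 30);
    print_flow(&t);
    return 0;
}
```

The length checks are the part worth copying: a sniffer's parser is exposed to arbitrary input from the network, so a decoder that trusts the header length fields is itself a target, and `decode_frame` refuses any frame whose declared lengths do not fit in the bytes actually captured.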
A packet sniffer can be an invaluable tool for administrators, security professionals, programmers and even beginners. They are excellent utilities for troubleshooting any type of network problem, since they provide a window into local traffic. I personally have used packet sniffers on multiple occasions for security work and once discovered a compromised machine that periodically sent updates to a cracker. For network programming, a packet sniffer is a necessity for debugging in the development stages. Packet sniffers are an outstanding resource for the curious beginner who hopes to understand both networks and security. Nothing can bring you closer to what really happens when computers communicate than these tools.
It should be noted that the casual user should be very cautious about when, where and how they use these programs. Never employ a packet sniffer on a local network without checking with an administrator. It's best to try these techniques at home, or on a network you run.
Thursday, October 9, 2008