Packet Sniffer
Packet sniffers (also known as network analyzers, protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specification. Depending on the network structure (hub or switch), one can sniff all or just part of the traffic from a single machine within the network; a switch normally narrows what each port sees to its own traffic, but there are methods (e.g. ARP spoofing) that defeat this narrowing and expose traffic belonging to other systems on the network. For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port (it mirrors all packets passing through all ports of the switch).
The network interface driver used by some packet sniffing software is said to operate in "promiscuous mode": the interface passes every frame it sees on the wire up to the software, rather than only the frames addressed to its own hardware address.
The versatility of packet sniffers means they can be used to:
- Analyse network problems.
- Detect network intrusion attempts.
- Gain information for effecting a network intrusion.
- Monitor network usage.
- Gather and report network statistics.
- Filter suspect content from network traffic.
- Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use).
- Reverse engineer protocols used over the network.
- Debug client/server communications.
Example uses
- A packet sniffer for a token ring network could detect that the token has been lost or the presence of too many tokens (verifying the protocol).
- A packet sniffer could detect that messages are being sent to a NIC; if the NIC did not report receiving the messages, this would localize the failure to the NIC.
- A packet sniffer could detect excessive messages being sent by a port, revealing an error in the implementation.
- A packet sniffer could collect statistics on the amount of traffic (number of messages) from a process, revealing the need for more bandwidth or a better method.
- A packet sniffer could be used to extract the messages of a process and reassemble its traffic into a complete form, allowing the protocol to be reverse engineered.
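The decoding and statistics steps above, as an added example that is not part of the original article: the Python below decodes Ethernet II / IPv4 / TCP frames by hand according to the header layouts in RFC 791 and RFC 793, then gathers per-port message counts and per-source byte totals of the kind a sniffer uses to spot a port sending excessive messages or a host that needs more bandwidth. The frames, MAC and IP addresses, ports, payloads and the message threshold are all constructed for the demo; the code works on byte strings only, so it runs offline (a live sniffer would obtain the same bytes from a promiscuous-mode interface). The cleartext HTTP request in the sample shows why unencrypted traffic is readable to anyone who can capture it.

```python
import struct
import ipaddress
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
PROTO_TCP = 6
PROTO_UDP = 17

# Constructed MAC addresses for the sample frames (not real hardware).
MAC_A = bytes.fromhex("001122334455")
MAC_B = bytes.fromhex("66778899aabb")


def build_ipv4_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Construct an Ethernet II / IPv4 / TCP frame as sample input.
    Layouts follow RFC 791 (IPv4) and RFC 793 (TCP); checksums stay zero because
    this demo never puts the frame on a wire."""
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, PROTO_TCP, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = MAC_B + MAC_A + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + tcp_hdr + payload


def decode_frame(frame):
    """Decode Ethernet II -> IPv4 -> TCP/UDP headers into a dict.
    Returns None for non-IPv4 frames; raises ValueError for truncated or malformed ones."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL is in 32-bit words
    if version != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed IPv4 header")
    info = {
        "src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
        "src_ip": str(ipaddress.IPv4Address(src)), "dst_ip": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "proto": proto, "ip_len": total_len,
    }
    l4 = ip[ihl:total_len]
    if proto == PROTO_TCP and len(l4) >= 20:
        sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", l4[:14])
        info.update(src_port=sport, dst_port=dport, tcp_flags=flags, payload=l4[(off >> 4) * 4:])
    elif proto == PROTO_UDP and len(l4) >= 8:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        info.update(src_port=sport, dst_port=dport, payload=l4[8:ulen])
    return info


def traffic_stats(frames):
    """Message counts per (source IP, source port) and byte totals per source IP.
    Returns (per_port, bytes_per_src, malformed); undecodable frames are counted, not dropped silently."""
    per_port, bytes_per_src, malformed = Counter(), Counter(), 0
    for frame in frames:
        try:
            info = decode_frame(frame)
        except ValueError:
            malformed += 1
            continue
        if info is None or "src_port" not in info:
            continue
        per_port[(info["src_ip"], info["src_port"])] += 1
        bytes_per_src[info["src_ip"]] += info["ip_len"]
    return per_port, bytes_per_src, malformed


def chatty_ports(per_port, threshold):
    """Source (ip, port) pairs that sent more than `threshold` messages."""
    return sorted(key for key, count in per_port.items() if count > threshold)


# Constructed sample capture: five HTTP requests from one client, one message to
# the TLS port from another, one ARP frame (not IPv4, skipped) and one truncated frame.
HTTP_REQ = b"GET / HTTP/1.0\r\n"
SAMPLE_FRAMES = (
    [build_ipv4_tcp_frame("10.0.0.5", "10.0.0.1", 40000, 80, HTTP_REQ)] * 5
    + [build_ipv4_tcp_frame("10.0.0.7", "10.0.0.1", 53000, 443, b"\x16\x03\x01")]
    + [MAC_B + MAC_A + struct.pack("!H", ETHERTYPE_ARP) + bytes(28)]
    + [build_ipv4_tcp_frame("10.0.0.9", "10.0.0.1", 1234, 22)[:24]]
)

if __name__ == "__main__":
    first = decode_frame(SAMPLE_FRAMES[0])
    print(first["src_ip"], first["src_port"], "->", first["dst_ip"], first["dst_port"], first["payload"])
    per_port, bytes_per_src, malformed = traffic_stats(SAMPLE_FRAMES)
    print("messages per source port:", dict(per_port))
    print("bytes per source:", dict(bytes_per_src), "malformed frames:", malformed)
    print("ports over threshold 3:", chatty_ports(per_port, 3))
```

The decoder validates the version, header length and total length before slicing, and the statistics pass counts frames it cannot decode instead of discarding them, because a real capture contains truncated and non-IP frames and a monitoring tool that silently drops them will under-report.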
Well-known packet sniffers (Alphabetical)
- AiroPeek
- dSniff
- EtherPeek
- Ethereal
- Ettercap
- Network General Sniffer
- Network Instruments Observer
- OmniPeek
- PRTG
- snoop (Solaris)
- tcpdump
- Wireshark (Fork of Ethereal)
External links
- Free software/open source packet sniffers:
  - Analyzer
  - IPDump2, a portable packet sniffer
  - Packetyzer
  - RUMINT, a graphical packet sniffer
  - snoop, which is part of OpenSolaris
  - tcpdump
  - WinDump
  - Wireshark
- Commercial packet sniffers:
  - Agilent Network Analyzers (formerly Hewlett-Packard Internet Advisor)
  - Hammer Call Analyzer
  - Network General Sniffer (the original packet sniffer)
  - Netmon Monitoring Suite (appliance-based system offering layer 2, 3 and 4 protocol analysis)
  - CommView
  - NetworkActiv PIAFCTM 1.5.x (freeware)
  - NetworkActiv PIAFCTM
  - Ultra Network
  - WildPackets EtherPeek, AiroPeek, OmniPeek
  - OmniPeek Personal (free for personal use)
  - Distinct Network Monitor
  - Microsoft Network Monitor (version bundled with server editions of Windows)
  - Microsoft Network Monitor (version that comes with Microsoft Systems Management Server)
  - NetWitness (Network Monitor, Intrusion Analysis)
From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.
