January 16, 2012

1.1.10 Sniffer

A sniffer is a network analysis tool that helps you locate network problems. It consists of a well-integrated set of functions for resolving them. Sniffers can list network packets in real time from multiple network cards (including modem, ISDN, and ADSL adapters) and can capture packets based on applications and protocols, e.g. Ethernet, IP, TCP, UDP, PPPoE, HTTP, FTP, WINS, PPP, SMTP, POP3.

Sniffers (also known as network monitors) help troubleshoot network problems.

A sniffer can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Sniffers usually act as network probes or "snoops." They examine network traffic, making a copy of the data without redirecting or altering it.

A network-monitoring system usually consists of a PC with a NIC (running in promiscuous mode) and monitoring software.
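The protocol-based classification described above can be shown on a single captured frame. This is an added example, not code from the original post or its references: it decodes an Ethernet II frame layer by layer and labels it with the protocols named earlier. The function names, the port table and the sample frame (documentation addresses 192.0.2.1 and 192.0.2.2) are constructed for illustration.

```python
import struct

# Application protocols from the list above that run over TCP, by IANA port.
TCP_APPS = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3"}
TRANSPORTS = {6: "TCP", 17: "UDP"}

def decode_frame(frame: bytes) -> list:
    """Return the protocol layers seen in one Ethernet II frame, outermost first."""
    if len(frame) < 14:
        return ["truncated"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:                       # only IPv4 is decoded here
        return ["Ethernet", f"ethertype=0x{ethertype:04x}"]
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return ["Ethernet", "truncated"]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length, options included
    if ihl < 20 or len(ip) < ihl:
        return ["Ethernet", "truncated"]
    layers = ["Ethernet", "IP"]
    transport = TRANSPORTS.get(ip[9])             # byte 9 is the IP protocol number
    if transport is None:
        return layers + [f"ip-proto={ip[9]}"]
    layers.append(transport)
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # later fragment: no L4 header in it
        return layers + ["fragment"]
    l4 = ip[ihl:]
    if len(l4) < 4:
        return layers + ["truncated"]
    sport, dport = struct.unpack("!HH", l4[:4])
    if transport == "TCP":
        app = TCP_APPS.get(dport) or TCP_APPS.get(sport)
        if app:
            layers.append(app)
    return layers

def sample_frame(proto: int, dport: int) -> bytes:
    """Constructed frame: 192.0.2.1:49152 -> 192.0.2.2:dport, no payload."""
    if proto == 6:    # minimal 20-byte TCP header with SYN set
        l4 = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:             # 8-byte UDP header
        l4 = struct.pack("!HHHH", 49152, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + l4

if __name__ == "__main__":
    print(decode_frame(sample_frame(6, 80)))
```

The decoder only reads the frame it is given and never modifies or forwards it, matching the passive copy-and-examine behaviour described above. Labelling by port number is a heuristic: a service on a non-standard port is reported only down to its transport layer.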

