Q

What should I know before implementing a packet sniffer?

Before implementing a packet sniffer learn what you need to know before putting one into your network and where it should go.

What should I know before implementing a packet sniffer (Visual Basic 6.0 or C), and what steps should I take?
Sniffers are a powerful piece of software. They have the ability to place the hosting system's network card into promiscuous mode. They use programs such as Pcap or WinPcap to accomplish this. These programs are used as an application programming interface (API) for packet-capturing. Sniffers also need to place the computer's network card in promiscuous mode to receive all the data that passes by, not just packets addressed to it. Wireshark is a good example of a packet sniffer. You can try the program for yourself by downloading it from www.wireshark.org.

A packet sniffer on a hub can show you a lot of traffic. Hubs see all the traffic in that particular collision domain. Using a switch changes things as a switch is supposed to be smart enough to know which particular port to send traffic to and block it from all the rest. Sniffing traffic there will require you to span a port so that one port is configured to receive copies of all the packets in the broadcast domain.

This was first published in March 2008

Dig deeper on Network Security Best Practices and Products

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close