What should I know before implementing a packet sniffer?

What should I know before implementing a packet sniffer (Visual Basic 6.0 or C), and what steps should I take?

Sniffers are powerful pieces of software. To receive all the data that passes by, not just packets addressed to the host, a sniffer places the hosting system's network card into promiscuous mode. Sniffers use programs such as Pcap or WinPcap to accomplish this; these programs serve as an application programming interface (API) for packet capturing. Wireshark is a good example of a packet sniffer. You can try the program for yourself by downloading it from www.wireshark.org.

A packet sniffer on a hub can show you a lot of traffic. Hubs see all the traffic in that particular collision domain. Using a switch changes things, because a switch is supposed to be smart enough to know which particular port to send traffic to and to block it from all the rest. Sniffing traffic there will require you to span a port, so that one port is configured to receive copies of all the packets in the broadcast domain.
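As an added illustration (not code from the original answer), the C sketch below models the filtering decision that promiscuous mode changes: which Ethernet frames the network card hands up to a capture library. The MAC addresses, sample frames and function names are constructed for this example, and it assumes the card has no multicast groups subscribed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14 /* dst MAC (6) + src MAC (6) + EtherType (2) */

enum dst_class { DST_TRUNCATED, DST_SELF, DST_BROADCAST, DST_MULTICAST, DST_OTHER_HOST };

/* Classify a raw frame's destination MAC relative to our card's MAC. */
enum dst_class classify_dst(const uint8_t *frame, size_t len, const uint8_t mac[6])
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (frame == NULL || len < ETH_HDR_LEN) return DST_TRUNCATED;
    if (memcmp(frame, bcast, 6) == 0) return DST_BROADCAST;
    if (frame[0] & 0x01) return DST_MULTICAST; /* group bit set in first octet */
    if (memcmp(frame, mac, 6) == 0) return DST_SELF;
    return DST_OTHER_HOST;
}

/* Would the card pass this frame up to the sniffer?
 * Assumption: no multicast groups subscribed, so normal mode drops multicast. */
int nic_delivers(const uint8_t *frame, size_t len, const uint8_t mac[6], int promiscuous)
{
    enum dst_class c = classify_dst(frame, len, mac);
    if (c == DST_TRUNCATED) return 0;   /* too short to be a valid header */
    if (promiscuous) return 1;          /* everything on the wire is delivered */
    return c == DST_SELF || c == DST_BROADCAST;
}

/* EtherType in host byte order, or 0 when the header is truncated. */
uint16_t ether_type(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN) return 0;
    return (uint16_t)((frame[12] << 8) | frame[13]);
}

/* Constructed sample data: our MAC and two header-only frames. */
const uint8_t OUR_MAC[6] = {0x02, 0, 0, 0, 0, 0x01};
const uint8_t FRAME_TO_OTHER[ETH_HDR_LEN] = {
    0x02, 0, 0, 0, 0, 0x02,  0x02, 0, 0, 0, 0, 0x03,  0x08, 0x00}; /* IPv4 */
const uint8_t FRAME_BCAST[ETH_HDR_LEN] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0x02, 0, 0, 0, 0, 0x03,  0x08, 0x06}; /* ARP */

int main(void)
{
    printf("frame for another host: normal=%d promiscuous=%d\n",
           nic_delivers(FRAME_TO_OTHER, sizeof FRAME_TO_OTHER, OUR_MAC, 0),
           nic_delivers(FRAME_TO_OTHER, sizeof FRAME_TO_OTHER, OUR_MAC, 1));
    printf("broadcast frame: normal=%d EtherType=0x%04x\n",
           nic_delivers(FRAME_BCAST, sizeof FRAME_BCAST, OUR_MAC, 0),
           ether_type(FRAME_BCAST, sizeof FRAME_BCAST));
    return 0;
}
```

On a switch, a frame addressed to another host normally never reaches your port, so this filter is only the second obstacle; the spanned port described above removes the first.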

This was first published in March 2008