What should I know before implementing a packet sniffer?
What should I know before implementing a packet sniffer (Visual Basic 6.0 or C), and what steps should I take?
Sniffers are a powerful piece of software. They have the ability to place the hosting system's network card into promiscuous mode. They use programs such as Pcap or WinPcap to accomplish this. These programs are used as an application programming interface (API) for packet-capturing. Sniffers also need to place the computer's network card in promiscuous mode
to receive all the data that passes by, not just packets addressed to it. Wireshark is a good example of a packet sniffer. You can try the program for yourself by downloading it from www.wireshark.org
A packet sniffer on a hub can show you a lot of traffic. Hubs see all the traffic in that particular collision domain. Using a switch changes things as a switch is supposed to be smart enough to know which particular port to send traffic to and block it from all the rest. Sniffing traffic there will require you to span a port so that one port is configured to receive copies of all the packets in the broadcast domain.
This was first published in March 2008