Ask the Expert

What should I know before implementing a packet sniffer?

What should I know before implementing a packet sniffer (Visual Basic 6.0 or C), and what steps should I take?

    Requires Free Membership to View

Sniffers are a powerful piece of software. They have the ability to place the hosting system's network card into promiscuous mode. They use programs such as Pcap or WinPcap to accomplish this. These programs are used as an application programming interface (API) for packet-capturing. Sniffers also need to place the computer's network card in promiscuous mode to receive all the data that passes by, not just packets addressed to it. Wireshark is a good example of a packet sniffer. You can try the program for yourself by downloading it from www.wireshark.org.

A packet sniffer on a hub can show you a lot of traffic. Hubs see all the traffic in that particular collision domain. Using a switch changes things as a switch is supposed to be smart enough to know which particular port to send traffic to and block it from all the rest. Sniffing traffic there will require you to span a port so that one port is configured to receive copies of all the packets in the broadcast domain.

This was first published in March 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: