It's basically a program that allows you to 'sniff' (hence the term 'sniffer') data off your local network, examining packets that are running between your computers.
In addition, when your dealing with a problem in your network, a packet sniffer will 'show' you exactly what is happening on the network. From then on, with the appropriate level of knowledge, you'll be able to determine the source of the problem. Keep in mind that a packet sniffer won't tell you what the problem is, but only show you what's happening.
On another note, in the good old days where hubs were used to connect all networking devices in an office, sniffing the network was a pretty easy job. With today's switches, its somewhat more troublesome because of the way switches work – i.e. they do not replicate packets out of all ports (for more information you can check http://www.firewall.cx/hubs.php and http://www.firewall.cx/switches.php). This is also one reason I always carry a hub with me – I can plug it between the two end points I need to monitor and do my job without any problems!
While there are number of packet sniffers out there, you need to take a good look at a few and decide which one suits you best. Each sniffer has its positive and negative points, but it all depends on the job you want to do with it and how demanding you are from such a product.
In closing, you'll be able to find out if you've got a problem with broadcast and multicast packets if you simply run a sniffer on your network and observe the packets your receiving. Broadcast packets are easily identified as they contain "FF:FF:FF:FF:FF" as their destination MAC address or "255.255.255.255" as their destination IP address. Generally you'll see some traffic depending in the size of your network and the protocols/services your running.
Dig Deeper on Network management and monitoring
Related Q&A from Chris Partsenidis
A half-duplex transmission could be considered a one-way street between sender and receiver. Full-duplex, on the other hand, enables two-way traffic ... Continue Reading
SFP ports enable Gigabit switches to connect to a wide variety of fiber and Ethernet cables in order to extend switching functionality throughout the... Continue Reading
A MAC address and an IP address each identify network devices, but they do the job at different levels. Explore the differences between the two and ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.