
What is a network sniffer?

What is a network sniffer? How can I understand broadcast and multicast packets that might be flooding the network?
A network sniffer is an administrator's 'best friend' and I'll explain why.

It's basically a program that allows you to 'sniff' (hence the term 'sniffer') data off your local network, examining packets that are running between your computers.

In addition, when you're dealing with a problem in your network, a packet sniffer will 'show' you exactly what is happening on the network. From then on, with the appropriate level of knowledge, you'll be able to determine the source of the problem. Keep in mind that a packet sniffer won't tell you what the problem is; it only shows you what's happening.

On another note, in the good old days when hubs were used to connect all networking devices in an office, sniffing the network was a pretty easy job. With today's switches, it's somewhat more troublesome because of the way switches work – i.e. they do not replicate packets out of all ports (for more information you can check http://www.firewall.cx/hubs.php and http://www.firewall.cx/switches.php). This is also one reason I always carry a hub with me – I can plug it between the two end points I need to monitor and do my job without any problems!

While there are a number of packet sniffers out there, you need to take a good look at a few and decide which one suits you best. Each sniffer has its positive and negative points, but it all depends on the job you want to do with it and how much you demand from such a product.

In closing, you'll be able to find out if you've got a problem with broadcast and multicast packets if you simply run a sniffer on your network and observe the packets you're receiving. Broadcast packets are easily identified as they contain "FF:FF:FF:FF:FF:FF" as their destination MAC address or "" as their destination IP address. Generally you'll see some traffic depending on the size of your network and the protocols/services you're running.
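The check described above, as an added example that is not part of the original answer: it classifies raw Ethernet frames by destination MAC and counts which source addresses send the most broadcast and multicast traffic. It goes one step beyond the text by also recognising multicast, using the group bit (the least-significant bit of the first destination octet); the function names, sample frames and source MACs are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # FF:FF:FF:FF:FF:FF

def classify_dst(frame: bytes) -> str:
    """Classify a raw Ethernet frame by its destination MAC (bytes 0-5)."""
    if len(frame) < 14:  # dst(6) + src(6) + EtherType(2)
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    # Group (I/G) bit set in the first octet means a multicast destination.
    return "multicast" if dst[0] & 0x01 else "unicast"

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def summarize(frames):
    """Return (frames per class, broadcast+multicast frames per source MAC)."""
    kinds, talkers = Counter(), Counter()
    for frame in frames:
        try:
            kind = classify_dst(frame)
        except ValueError:
            kinds["malformed"] += 1  # keep counting instead of aborting the run
            continue
        kinds[kind] += 1
        if kind != "unicast":
            talkers[fmt_mac(frame[6:12])] += 1
    return kinds, talkers

def make_frame(dst: str, src: str, ethertype: int) -> bytes:
    """Build a minimal frame for the sample below (hypothetical helper)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample capture; source MACs are locally administered test values.
HOST_A, HOST_B = "02:00:00:00:00:0A", "02:00:00:00:00:0B"
SAMPLE = [
    make_frame("FF:FF:FF:FF:FF:FF", HOST_A, 0x0806),  # ARP broadcast
    make_frame("FF:FF:FF:FF:FF:FF", HOST_A, 0x0806),
    make_frame("FF:FF:FF:FF:FF:FF", HOST_A, 0x0806),
    make_frame("01:00:5E:00:00:FB", HOST_B, 0x0800),  # IPv4 multicast MAC
    make_frame("33:33:00:00:00:01", HOST_A, 0x86DD),  # IPv6 multicast MAC
    make_frame(HOST_B, HOST_A, 0x0800),               # ordinary unicast
    b"\xff\xff\xff",                                  # truncated frame
]

if __name__ == "__main__":
    kinds, talkers = summarize(SAMPLE)
    print(dict(kinds))
    for mac, n in talkers.most_common():
        print(f"{mac} sent {n} broadcast/multicast frames")
```

A source address that dominates the second tally is the first place to look when broadcast or multicast traffic appears to be flooding a segment.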

This was last published in August 2005
