
What should I know before implementing a packet sniffer?

Before implementing a packet sniffer, learn what you need to know about putting one on your network and where it should go.

What should I know before implementing a packet sniffer (Visual Basic 6.0 or C), and what steps should I take?
Sniffers are powerful pieces of software. They can place the hosting system's network card into promiscuous mode so that it receives all the data that passes by, not just packets addressed to it. They use libraries such as Pcap or WinPcap to accomplish this; these serve as the application programming interface (API) for packet capturing. Wireshark is a good example of a packet sniffer. You can try the program for yourself by downloading it from www.wireshark.org.

A packet sniffer on a hub can show you a lot of traffic, because a hub sees all the traffic in its collision domain. Using a switch changes things, as a switch is supposed to be smart enough to know which particular port to send traffic to and to block it from all the rest. Sniffing traffic there will require you to span a port, so that one port is configured to receive copies of all the packets in the broadcast domain.
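
What promiscuous mode changes for frames arriving on a hub port, as an added C example (not code from the original answer). The function names, the MAC addresses and the three frame headers are constructed for illustration, and the filter model ignores multicast.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6
#define ETH_HDR_LEN 14   /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* Model of the NIC receive filter. Assumption: in normal mode only frames
 * addressed to the NIC's own MAC or to broadcast are accepted; multicast
 * group filters are left out to keep the model small. */
int nic_accepts(const uint8_t *frame, size_t len,
                const uint8_t own_mac[MAC_LEN], int promiscuous)
{
    static const uint8_t bcast[MAC_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (len < ETH_HDR_LEN) return 0;  /* too short to hold an Ethernet header */
    if (promiscuous) return 1;        /* filter disabled: every frame is passed up */
    return memcmp(frame, own_mac, MAC_LEN) == 0 ||
           memcmp(frame, bcast, MAC_LEN) == 0;
}

/* EtherType sits in bytes 12-13 in network byte order. */
uint16_t eth_type(const uint8_t *frame)
{
    return (uint16_t)((frame[12] << 8) | frame[13]);
}

/* Constructed sample data: the sniffer's MAC and three frame headers as
 * they would arrive on a hub port. */
static const uint8_t OWN_MAC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t FRAMES[3][ETH_HDR_LEN] = {
    {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00}, /* to the sniffer, IPv4 */
    {0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x02, 0x08,0x00}, /* to another host, IPv4 */
    {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x02, 0x08,0x06}, /* broadcast ARP */
};

/* Number of sample frames the host would see in the given mode. */
int count_seen(int promiscuous)
{
    int n = 0;
    for (size_t i = 0; i < 3; i++)
        n += nic_accepts(FRAMES[i], ETH_HDR_LEN, OWN_MAC, promiscuous);
    return n;
}

int main(void)
{
    printf("normal: %d of 3, promiscuous: %d of 3\n", count_seen(0), count_seen(1));
}
```

On a switch without a spanned port, the second frame would never reach the sniffer's port at all, so promiscuous mode alone would not reveal it.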

This was last published in March 2008
