Saturday, June 13, 2009

Sniffer

Sniffers: there are sniffers for every type of network media. Ethernet is the most common network architecture. An Ethernet sniffer is software that works with the network interface card (NIC) to capture all the traffic visible to the listening system, rather than only the traffic addressed to the sniffing host. An Ethernet NIC normally discards any traffic not specifically addressed to itself or to the network broadcast address, so the card must be put in a special state called promiscuous mode to enable it to receive all packets passing by on the wire. With the NIC in promiscuous mode, the sniffer software can capture and analyze any traffic that passes through the local Ethernet segment. This limits the range of a sniffer somewhat, because it will not be able to listen to traffic outside of the local network’s collision domain (beyond routers, switches, or other segmenting devices). Clearly, a sniffer placed on a backbone, internetwork link, or other network aggregation point will be able to monitor a greater volume of traffic than one placed on an isolated Ethernet segment [1]. Some popular, freely available sniffers are Dsniff, Snort, Wireshark, and Tcpdump 3.x.
