PACKET SNIFFER

A 'packet sniffer' (also known as a 'network analyzer' or 'protocol analyzer' or, for particular types of networks, an 'Ethernet sniffer' or 'wireless sniffer') is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications.

Capabilities


On wired broadcast LANs, depending on the network structure (hub or switch), one can capture all of the traffic, or just parts of it, from a single machine within the network; however, there are some methods to get around the traffic narrowing done by switches and gain access to traffic from other systems on the network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called "monitoring port", whose purpose is to mirror all packets passing through all ports of the switch.
On wireless LANs, one can capture traffic on a particular channel.
On wired broadcast and wireless LANs, in order to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others don't. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored; in order to see those packets, the adapter must be put into monitor mode.
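The decoding step from the introduction and the adapter receive filter described above, as an added example that is not part of the original article. The function names and the sample frame are constructed for illustration; the frame uses documentation addresses, and checksums are left at zero and not verified.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6

def nic_accepts(dst, own_mac, groups=(), promiscuous=False):
    """Adapter receive filter: own unicast, joined multicast groups, broadcast."""
    if promiscuous or dst in (own_mac, BROADCAST):
        return True
    return bool(dst[0] & 0x01) and dst in groups  # low bit of octet 0 marks a group address

def decode(frame):
    """Decode Ethernet II, then IPv4 (RFC 791), then TCP/UDP ports (UDP: RFC 768)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    out = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:              # not IPv4: stop at layer 2
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4             # header length in bytes, options included
    total_len, _ident, frag = struct.unpack("!HHH", ip[2:8])
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    proto = ip[9]
    out.update(proto=proto,
               ip_src=str(ipaddress.IPv4Address(ip[12:16])),
               ip_dst=str(ipaddress.IPv4Address(ip[16:20])))
    l4 = ip[ihl:total_len]               # total_len strips Ethernet padding
    if frag & 0x1FFF:                    # later fragment: no layer-4 header present
        return out
    if proto in (6, 17) and len(l4) >= 4:
        out["sport"], out["dport"] = struct.unpack("!HH", l4[:4])
    if proto == 17 and len(l4) >= 8:
        out["payload"] = l4[8:]
    return out

# Constructed sample: UDP datagram 192.0.2.1:40000 -> 192.0.2.2:53 carrying b"test",
# padded with 14 zero bytes to the 60-byte Ethernet minimum.
SAMPLE = (bytes.fromhex("020000000001" "020000000002" "0800")
          + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 64, 17, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
          + struct.pack("!HHHH", 40000, 53, 12, 0) + b"test" + bytes(14))

if __name__ == "__main__":
    print(decode(SAMPLE))
    other = bytes.fromhex("020000000009")  # a different host on the same segment
    print(nic_accepts(SAMPLE[:6], other), nic_accepts(SAMPLE[:6], other, promiscuous=True))
```

The filter models only the wired case; the service-set filtering and monitor mode that the last paragraph describes for wireless adapters are not modelled.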

Uses


The versatility of packet sniffers means they can be used to:

★ Analyze network problems.

★ Detect network intrusion attempts.

★ Gain information for effecting a network intrusion.

★ Monitor network usage.

★ Gather and report network statistics.

★ Filter suspect content from network traffic.

★ Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use).

★ Reverse engineer protocols used over the network.

★ Debug client/server communications.

★ Debug network protocol implementations.

Example uses


★ A packet sniffer for a token ring network could detect that the token has been lost or the presence of too many tokens (verifying the protocol).

★ A packet sniffer could detect that messages are being sent to a network adapter; if the network adapter did not report receiving the messages then this would localize the failure to the adapter.

★ A packet sniffer could detect excessive messages being sent by a port, detecting an error in the implementation.

★ A packet sniffer could collect statistics on the amount of traffic (number of messages) from a process, detecting the need for more bandwidth or a better method.

★ A packet sniffer could be used to extract messages and reassemble into a complete form the traffic from a process, allowing it to be reverse engineered.

★ A packet sniffer could be used to diagnose operating system connectivity issues with services such as web, FTP, SQL, Active Directory, etc.

★ A packet sniffer could be used to analyse data sent to and from secure systems in order to understand and circumvent security measures, for the purposes of penetration testing or illegal activities.

★ A packet sniffer can passively capture data going between a web visitor and the web servers, decode it at the HTTP and HTML level and create web log files as a substitute for server logs and page tagging for web analytics.

Well-known packet sniffers



Colasoft Capsa

CommView and CommView for WiFi

dSniff

Ettercap

Frontline Test Equipment

Kismet

MetronomeLabs Passive Data Capture for Web Analytics

Microsoft Network Monitor

NetStumbler

Netmon Professional Edition

Network Instruments Observer

Open Source Packet Sniffer

NetworkActiv PIAFCTM

Network General Sniffer

NetworkMiner

Packet Analyzer

snoop (part of Solaris)

tcpdump

WildPackets AiroPeek, EtherPeek, and OmniPeek

Winsock Packet Editor

Wireshark (formerly known as Ethereal)

WiFi Analyzer and Wifi Scanner for WiFi

KSniffer

See also



Comparison of packet sniffers

Network tap

Remote World

Logic analyzer

This article provided by Wikipedia.