Program Review Wired Shark

What is a "packet sniffer"?
A packet sniffer is a wiretap device that plugs into a computer network and eavesdrops on the network traffic. Just as a telephone wiretap allows the FBI to listen in on other people's conversations, a "sniffing" program lets someone listen in on computer conversations.
However, computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as "protocol analysis", which allows them to "decode" the computer traffic and make sense of it.
Sniffing also has one advantage over telephone wiretaps: many networks use "shared media". This means that you don't need to break into a wiring closet to install your wiretap; you can do it from almost any network connection to eavesdrop on your neighbors. This is called a "promiscuous mode" sniffer. However, this "shared" technology is moving quickly toward "switched" technology, where this will no longer be possible, which means you will have to actually tap into the wire.
Is "packet sniffer" trademarked?
The word "sniffer" is a registered trademark of Network Associates, referring to the "Sniffer(r) Network Analyzer". However, the term "sniff" is used in many other products (some of which are listed in this document), and the term "sniffer" is more popular in everyday usage than alternatives like "protocol analyzer" or "network analyzer" (as far as my search on AltaVista reveals). I'm not sure what this means in trademark law, where brand names like "aspirin", "escalator", and "cellophane" lose their distinctiveness over time.
What is it used for?
Sniffing programs have been around for a long time in two forms. Commercial packet sniffers are used to help maintain networks. Underground packet sniffers are used to break into computers.
Typical uses of such wiretap programs include:
Automatic sifting of clear-text passwords and usernames from the network, used by hackers/crackers in order to break into systems.
Conversion of data to human-readable format so that people can read the traffic.
Fault analysis to discover problems in the network, such as why computer A can't talk to computer B.
Performance analysis to discover network bottlenecks.
Network intrusion detection in order to discover hackers/crackers (see http://web.archive.org/web/20050221103207/http://www.robertgraham.com/pubs/network-intrusion-detection.html).
Network traffic logging, to create logs that hackers can't break into and erase.
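The "protocol analysis" step described above, as an added example that is not code from the original page: a small decoder that turns one raw Ethernet/IPv4/TCP frame into the readable fields an analyzer displays, and notes when a port belongs to a protocol that carries credentials in the clear, which is what both the monitoring and the intrusion-detection uses in the list rely on. The frame bytes, addresses, ports and the cleartext-port table are constructed for illustration.

```python
import struct

# Constructed sample frame (not a real capture): Ethernet II + IPv4 + TCP with a
# 7-byte cleartext Telnet payload. Addresses and ports are made up.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # dst MAC, src MAC
    + b"\x08\x00"                                # EtherType: IPv4
    + bytes.fromhex("4500002f000140004006")      # IPv4: ver 4, IHL 5, total len 47, TTL 64, proto 6 (TCP)
    + b"\x00\x00"                                # IPv4 header checksum (not verified here)
    + bytes([192, 168, 1, 10]) + bytes([10, 0, 0, 5])  # source IP, destination IP
    # TCP: sport 40000, dport 23, seq 1, ack 0, data offset 5, flags PSH|ACK, window 8192
    + struct.pack("!HHIIBBHHH", 40000, 23, 1, 0, 0x50, 0x18, 8192, 0, 0)
    + b"login: "                                 # application payload
)

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
# Illustrative (not exhaustive) well-known ports of protocols that carry credentials in the clear.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP into the fields a protocol analyzer would
    display. Anything unexpected raises ValueError rather than being guessed at."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("truncated frame or non-IPv4 EtherType")
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if ip[0] >> 4 != 4 or ihl < 20 or total_len > len(ip) or proto != 6:
        raise ValueError("bad IPv4 header, bad length, or non-TCP payload")
    tcp = ip[ihl:total_len]                      # total_len bounds the TCP segment
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4             # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {
        "src_mac": mac(frame[6:12]), "dst_mac": mac(frame[:6]),
        "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags,
        "cleartext_service": CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport),
        "payload": tcp[data_off:],
    }
```

Feeding real captures (e.g. frames read from a pcap file) into decode_frame is left as the obvious extension; the checks on EtherType, IHL, total length and data offset are what keep a malformed frame from being misread as something it is not.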