====Sniffers====

•   Sniffers monitor network data.
•   A sniffer can be a self-contained software program or a hardware device with the appropriate software or firmware programming.
•   Sniffers usually act as network probes or “snoops”—examining network traffic but not intercepting or altering it.
•   Some sniffers work only with TCP/IP packets, but the more sophisticated tools can work with many other protocols and at lower levels such as the Ethernet frame.


A sniffer is a piece of software that captures the traffic on a network. They are available for several platforms in both commercial and open-source variations. Some of the simplest packages use a command line interface and dump captured data to the screen, while sophisticated ones use GUI, graph traffic statistics, track multiple sessions, and offer configuration options.

Sniffers are also the engines for other programs. Network Intrusion Detection Systems (NIDS) use sniffers to match packets against a rule-set designed to flag anything malicious or strange. Network utilization and monitoring programs often use sniffers to gather data necessary  for metrics and analysis. It is to be noted that sniffers do not intercept or alter the data they capture.

The most common way of networking components is through Ethernet. The Ethernet protocol works by broadcasting packets to all hosts on the network, with the packet header containing the MAC address of the machine that is meant to receive the packet. All others are supposed to ignore it. A NIC (Network Interface Card, also known as an Ethernet card) that is accepting all packets, regardless of the intended machine, is said to be in promiscuous mode. A sniffer is a program that sets the desired NIC into promiscuous mode.

A sniffer attack is commonly used to grab logins and passwords that are traveling around on the network.
This is what is known as a passive attack, because the attacker does not directly interface with any machine which the attacker may be trying to compromise.

Before we can explore how some sniffing tools are used by attackers towards malicious ends, let’s see what enables the tool to work. However, on a LAN, several PCs share a common connection to the Internet. The devices that come into play here include hubs, switches, and routers among others.