A network packer sniffer(s), also known as a packet analyzer, network analyzer, or wireless sniffer, is a computer program or a type of computer hardware that listens for, intercepts, and logs traffic that passes over a digital network. The information that is obtained by a packet sniffer is typically used in order to determine if there are any erroneous or unusual packets so that effective network data transmission is maintained.
Simply put, a packet analyzer or sniffer will capture any packets of data that goes through a computer network. You can liken packet sniffing with computer networks to telephone wire tapping. When packet sniffing is used legitimately, the primary function of the software or device is to monitor the performance of a network and/or troubleshoot any problems that have come up with over the network. Additionally, depending on whether or not the network is a switch or hub, the sniffer may be able to capture traffic on all or parts of the network using one device or software program. Some administrators find that simply sniffing data or traffic from one network or subnet is not as advantageous as being able to get information from other networks. This can be accomplished using what is called a monitoring port.
The packets of data that are obtained or captured, is then decoded from the its digital form into a format that is readable to humans. The administrator is then able to read the information that is being passed between networks. With this information, the administrator is able to detect errors and decipher the root cause of those errors so that he or she can fix it.
There are some packet sniffers that can create traffic and by doing so will become what is called a reference device. These reference devices will serve as a protocol tester. A protocol tester will then generate protocol-correct traffic that is used for functional testing. The purpose of this false traffic creation is to purposely introduce errors in order to find out how well the sniffer can deal with actual error conditions.
Packet sniffers are used for a variety of purposes but chief among them is analyzing network problems. However, sniffing can also detect network misuse and intrusion attempts, debug server communications, monitor any data in motion and network usage, isolate any exploited systems, gather network statistics, filter any suspicious content from network traffic, and serve as a primary data source for network monitoring.
