September 6th, 2003, 10:19 AM
Hi, I have a question.
What's the main purpose of the sniffer (entire)?
As far as I know, it leeches the flow of packets from the network... or something like that.
Can someone help me with this question?
September 6th, 2003, 10:56 AM
Sniffers pick up all the traffic they can see on the network for future analysis. I say all the traffic they can see because on a switched network they will only be able to see a limited amount of the whole.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
September 6th, 2003, 11:03 AM
So, what sort of data is often seen, or is the mainstream, while sniffing?
September 6th, 2003, 11:05 AM
Packet sniffers can be used for a variety of purposes, some of them benign, some of them malicious. The main use of packet sniffers for wrongdoing is to scan target networks for vulnerabilities and gaps in security.
September 6th, 2003, 11:08 AM
A common purpose of sniffers is to do IDS - intrusion detection.
A machine on an appropriate network segment will look for patterns of traffic which are usually associated with intrusion attempts, and report them.
Traffic analysis is another common reason.
Programs like Ethereal are also commonly used to diagnose problems - for example performance issues, or reliability problems with particular protocols.
Unfortunately blackhats sometimes use sniffers to grab passwords etc. from protocols which don't have adequate encryption. TCP hijacking and the like are also possible.
September 6th, 2003, 06:06 PM
Also, just to add to what others have stated: before you can appreciate the information a sniffer (protocol analyzer) can offer you, it is important to understand, or at least have a comfortable feeling with, the inner workings of TCP/IP (assuming you are capturing TCP/IP packets).
Anyone can use a protocol analyzer and capture packets; however, not everyone can make an accurate analysis of the capture. Understand the details of the TCP/IP protocols first, and you will really appreciate using a "sniffer".
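Added example, not part of the thread or any poster's code: a minimal decoder for the Ethernet II, IPv4 and TCP headers that a protocol analyzer displays, which also labels traffic on ports of protocols without encryption, the exposure mentioned earlier in the thread. The names `decode_frame`, `build_sample_frame` and `CLEARTEXT_PORTS` are hypothetical, and the sample frame is constructed (documentation addresses 192.0.2.x, checksums left at zero and not verified).

```python
import struct

# Well-known ports of protocols that send credentials unencrypted.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP"}
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def decode_frame(frame: bytes) -> dict:
    """Decode the Ethernet II, IPv4 and TCP headers of one captured frame."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    # Pad bytes (x) skip TOS, ID, flags/fragment offset, TTL and checksum.
    ver_ihl, total_len, proto, src, dst = struct.unpack("!B x H 5x B 2x 4s 4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4             # IPv4 header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not a well-formed IPv4/TCP packet")
    tcp = ip[ihl:total_len]                # total_len trims Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4       # TCP header length, options included
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for name, bit in TCP_FLAGS if off_flags & bit],
        "payload": tcp[data_off:],
        "service": CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport),
    }

def build_sample_frame() -> bytes:
    """Constructed frame: 192.0.2.10:40000 -> 192.0.2.20:21 with PSH+ACK set."""
    payload = b"USER demo\r\n"
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, 21, 1000, 2000,
                      (5 << 12) | 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

if __name__ == "__main__":
    print(decode_frame(build_sample_frame()))
```

A non-empty `service` field means the payload is readable by anyone who can see the frame, which is the case for moving that service to an encrypted equivalent.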
September 7th, 2003, 03:52 PM
Just wondering: is a sniffer only used on networks or is it possible to use them to grab internet traffic?
Somehow it seems rather impossible to me to install a sniffer somewhere on the www.
September 7th, 2003, 11:23 PM
"Sniffer" technology is famous for helping to determine why a network is too slow and/or why something is not working properly. Many top-notch sniffer packages include summaries of high-layer protocols contained in the frame/s, the time of the capture and the source IP. This type of "Network Analysis" provides the network admin a host of tools and details to capture and decode data on the network, analyze network activity by specific protocols, network stats, and patterns.
According to many experts, to be a successful network admin using Sniffer, you need a strong understanding of network protocols. This will help you understand and recognize odd issues when they occur on your target network.
Check out this link for a nice cert.