This section explains how a sniffer grabs all the traffic on the network, which is what it does best.
- On a shared-media network, every network interface on a network segment has access to all of the data that travels on the media.
- The broadcast nature of shared media networks affects network performance and reliability so greatly that networking professionals use a network analyzer, or sniffer, to troubleshoot problems.
- In the hands of an experienced system administrator, a sniffer is an invaluable aid in determining why a network is behaving (or misbehaving) the way it is.
- A sniffer puts a network interface in promiscuous mode so that the sniffer can monitor each data packet on the network segment.
- With an analyzer, you can determine how much of the traffic is due to which network protocols, which hosts are the source of most of the traffic, and which hosts are the destination of most of the traffic.
- You can also examine data traveling between a particular pair of hosts and categorize it by protocol and store it for later analysis offline.
- Most commercial network sniffers are rather expensive, costing thousands of dollars. When you examine these closely, you notice that they are nothing more than a portable computer with an Ethernet card and some special software. The only item that differentiates a sniffer from an ordinary computer is software.
- It is easy to download shareware and freeware sniffing software.
- The easy availability of this software also means that malicious computer users with access to a network can capture all the data flowing through the network.
- The sniffer can capture all the data for a short period of time or selected portions of the data for a fairly long period of time.
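
The per-protocol and per-host breakdown described above can be computed offline from stored frames. The following is an added example, not code from the original post: it parses Ethernet II and IPv4 headers and totals bytes by protocol, source, and destination. The frames, the 192.0.2.x addresses, and the names `build_frame`, `summarize`, and `SAMPLE_FRAMES` are constructed for illustration.

```python
import struct
from collections import Counter

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

def build_frame(src, dst, proto, payload_len):
    """Build a constructed Ethernet II + IPv4 frame (sample data, zeroed MACs)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                     proto, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return eth + ip + bytes(payload_len)

def summarize(frames):
    """Return (bytes per protocol, bytes per source, bytes per destination)."""
    by_proto, by_src, by_dst = Counter(), Counter(), Counter()
    for frame in frames:
        if len(frame) < 14:
            continue                      # too short for an Ethernet header
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != 0x0800:
            by_proto["non-IPv4"] += len(frame)   # e.g. ARP
            continue
        if len(frame) < 34 or frame[14] >> 4 != 4:
            continue                      # truncated or malformed IPv4 header
        proto = IP_PROTOCOLS.get(frame[23], f"proto-{frame[23]}")
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        by_proto[proto] += len(frame)
        by_src[src] += len(frame)
        by_dst[dst] += len(frame)
    return by_proto, by_src, by_dst

# Constructed sample capture (documentation address range 192.0.2.0/24).
SAMPLE_FRAMES = [
    build_frame("192.0.2.5", "192.0.2.1", 6, 1000),
    build_frame("192.0.2.5", "192.0.2.1", 6, 500),
    build_frame("192.0.2.7", "192.0.2.1", 17, 100),
    build_frame("192.0.2.1", "192.0.2.5", 1, 64),
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),  # ARP-sized frame
    bytes(10),                                          # truncated frame
]

if __name__ == "__main__":
    protos, sources, dests = summarize(SAMPLE_FRAMES)
    print("bytes by protocol:", protos.most_common())
    print("top source:", sources.most_common(1))
    print("top destination:", dests.most_common(1))
```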