CompTIA Certifications

CompTIA Network+ 2009 Domain 5: Network Tools

Network Scanners

Network scanners are used for a variety of purposes for network administrators including troubleshooting, security, and network monitoring. We’re going to review packet sniffers, intrusion detection software, intrusion prevention software, and port scanners.

Packet Sniffers

A packet is a small piece of data. A packet sniffer, also called a packet analyzer, is a software application or piece of hardware that can intercept and log data as traffic passes over a network. The sniffer records each packet and analyzes it that travels over a certain network. A packet sniffer can monitor a lot of data traversing a network from any computer on the network, but many network switches contain a monitoring port which mirrors traffic flowing over the network so it can be logged and analyzed at a single point. On wired networks, a packet sniffer requires a physical connection to the network, on a wireless network, a packet sniffer can read data on a wireless channel.

A packet sniffer can be used to:

  • Analyze network problems
  • Detect security intrusions
  • Document regulatory compliance
  • Analyze internal user security violations
  • Gain information for network intrusion
  • Gather network statistics
  • Debug network protocol problems
  • Debug client/server problems
  • Record user passwords
  • Verify internal controls

For the Network+ Exam

You need to be aware of the potential uses for a packet sniffer, why a network administrator would have one in their arsenal of tools, and when would be the best time to use it. You are not tested on the actual usage of a packet sniffer, but you need to be aware of when and how you would use it.