Network scanners are used for a variety of purposes for network administrators including troubleshooting, security, and network monitoring. We’re going to review packet sniffers, intrusion detection software, intrusion prevention software, and port scanners.
A packet is a small piece of data. A packet sniffer, also called a packet analyzer, is a software application or piece of hardware that can intercept and log data as traffic passes over a network. The sniffer records each packet and analyzes it that travels over a certain network. A packet sniffer can monitor a lot of data traversing a network from any computer on the network, but many network switches contain a monitoring port which mirrors traffic flowing over the network so it can be logged and analyzed at a single point. On wired networks, a packet sniffer requires a physical connection to the network, on a wireless network, a packet sniffer can read data on a wireless channel.
A packet sniffer can be used to:
- Analyze network problems
- Detect security intrusions
- Document regulatory compliance
- Analyze internal user security violations
- Gain information for network intrusion
- Gather network statistics
- Debug network protocol problems
- Debug client/server problems
- Record user passwords
- Verify internal controls
For the Network+ Exam
You need to be aware of the potential uses for a packet sniffer, why a network administrator would have one in their arsenal of tools, and when would be the best time to use it. You are not tested on the actual usage of a packet sniffer, but you need to be aware of when and how you would use it.