
Network Sniffer

A Sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Network operations and maintenance personnel use a Sniffer to monitor network traffic, analyze packets, watch network resource utilization, conduct forensic analysis of network security breaches and troubleshoot network problems. Unauthorized Sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.

Sniffer as a product was originally created by Network General, which was acquired by Network Associates. Network Associates has since spun off the Sniffer product unit into an independent company, which has been renamed Network General again. Sniffer is actually a trademarked product brand of Network General. However, due to its popularity among IT professionals, the name is widely used for all products that perform network traffic capture and analysis.

There are many Sniffer-like products on the market. The market size is nearly one billion dollars. There are two basic types of sniffers: Portable and Distributed.

Portable sniffers are stand-alone devices or software that can be installed on a PC. Portable sniffers can perform data capture and both real-time and playback data analysis. The price of portable sniffers ranges from a few hundred dollars to tens of thousands of dollars, depending on the vendor, the network to monitor (Ethernet, Gigabit Ethernet, optical media, WAN links, etc.) and the types of data analysis done. A portable sniffer is typically used by small companies or by field engineers of larger companies. The core technologies for portable sniffers are well established: packet capture and analysis. Different vendors have their own specialties in conducting the analysis, such as simple protocol analysis, packet re-construction into original messages, Expert Analysis, etc.
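As an added illustration (not code from this page or from any vendor named here), the Python sketch below shows the simple protocol analysis step on a single captured frame: it decodes the Ethernet II, IPv4 and TCP headers and returns the application payload. The sample frame, its addresses and the function names are constructed for the example, and checksums are not verified.

```python
import socket
import struct

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP, stopping cleanly at the first
    layer that is truncated, malformed, or not handled here."""
    out = {}
    if len(frame) < 14:
        return {"error": "truncated Ethernet header"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != 0x0800:            # only IPv4 is decoded in this sketch
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return {**out, "error": "bad IPv4 header"}
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        return {**out, "error": "truncated IPv4 packet"}
    out["ip"] = {"src": socket.inet_ntoa(ip[12:16]),
                 "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    if ip[9] != 6:                     # 6 = TCP
        return out
    tcp = ip[ihl:total_len]            # total_len clips any Ethernet padding
    if len(tcp) < 20:
        return {**out, "error": "truncated TCP header"}
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4       # TCP header length in bytes
    if doff < 20 or doff > len(tcp):
        return {**out, "error": "bad TCP data offset"}
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                  "flags": [n for bit, n in TCP_FLAGS if off_flags & bit],
                  "payload": tcp[doff:]}
    return out

def build_sample_frame(payload: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Constructed test frame (IP addresses from a documentation range)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 0, (5 << 12) | 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

if __name__ == "__main__":
    print(decode_frame(build_sample_frame()))
```

The decoded payload shows why cleartext application protocols are exposed to anyone able to capture the traffic.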

A distributed sniffer has two parts: a Monitoring Probe, which is a device or software program deployed at various points in the network; and a Console, which is a software package installed in the Network Operation Center (NOC) to centrally monitor all Probes. The distributed sniffer is typically deployed by large enterprises to monitor their networks from a centralized location such as a NOC. The cost of deploying a distributed sniffer ranges from tens of thousands of dollars to millions of dollars. In addition to packet capture and analysis, the distributed sniffer also retrieves and uses SNMP and RMON data for additional network information.

Leading vendors of portable sniffers include Network General, Agilent Technologies, Wildpackets and Javvin Technologies. Leading vendors of distributed sniffers include Network General and Netscout. There are also open source programs, such as Ethereal, available for public use. The network sniffer is also called a network protocol analyzer, packet analyzer, network sniffing tool, network analyzer, etc.

| Properties | Javvin Packet Analyzer | Network General Sniffer Basic | Wildpackets Etherpeek |
|---|---|---|---|
| Packet Capturing | Ethernet 10/100 | Ethernet 10/100 | Ethernet 10/100 |
| Analysis | Protocol analysis and packet re-construction to application message level | Simple protocol analysis; expert analysis not included (only in the Sniffer pro version) | Simple protocol analysis; Expert Analysis not included (only in the Etherpeek NX version) |
| Protocol decode | All TCP/IP protocols | TCP/IP protocols plus some legacy protocols | TCP/IP protocols plus some legacy protocols |
| Filters | Yes | Yes | Yes |
| Ease of use | 30 minutes self training | One week training by vendor | One week training by vendor |
| Price | $249 | > $6000 | about $1000 |
| Reporting | Log files for anytime analysis | Log files for anytime analysis; additional reporting package | Log files for anytime analysis |

Related Terms: Protocol Analyzer, Protocol Analysis, Packet Analyzer

Reference Links:
http://www.javvin.com/packet.html: Packet Analyzer
