
What is a Packet Sniffer?
A packet sniffer is a wiretap device that plugs into computer networks and eavesdrops on the network traffic. Just as a telephone wiretap allows the FBI to listen in on other people's conversations, a "sniffing" program lets someone listen in on computer conversations.
However, computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as "protocol analysis", which allows them to "decode" the computer traffic and make sense of it.
Sniffing also has one advantage over telephone wiretaps: many networks use "shared media". This means that you don't need to break into a wiring closet to install your wiretap; you can do it from almost any network connection to eavesdrop on your neighbors. This is called a "promiscuous mode" sniffer. However, this "shared" technology is moving quickly toward "switched" technology, where this will no longer be possible, which means you will have to actually tap into the wire.
How does it work?
Ethernet was built around a "shared" principle: all machines on a local network share the same wire. This implies that all machines are able to "see" all the traffic on the same wire. Thus, Ethernet hardware has a built-in "filter" that lets it ignore all traffic that doesn't belong to it. It does this by ignoring all frames whose destination MAC address doesn't match its own. Etherscan Analyzer turns off this filter, setting the Ethernet hardware into "promiscuous mode". Thus, Etherscan Analyzer can see all traffic passing through the Ethernet wire.
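The filter described above can be modelled in a few lines. This is an added example, not code from Etherscan Analyzer or from the original FAQ; the MAC addresses and frames are constructed sample data, and multicast handling is left out as a simplifying assumption.

```python
import struct

BROADCAST = b"\xff" * 6

def parse_ethernet(frame: bytes):
    """Decode the 14-byte Ethernet II header: (dst MAC, src MAC, EtherType)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def nic_accepts(frame: bytes, own_mac: bytes, promiscuous: bool = False) -> bool:
    """Model of the hardware filter: keep frames addressed to this NIC or to
    broadcast. In promiscuous mode the filter is off and every frame is kept.
    (Assumption: multicast subscriptions are not modelled.)"""
    dst, _src, _ethertype = parse_ethernet(frame)
    return promiscuous or dst in (own_mac, BROADCAST)

def visible_frames(frames, own_mac: bytes, promiscuous: bool):
    """Return (src, dst, ethertype) for each frame the host's software sees."""
    seen = []
    for frame in frames:
        if nic_accepts(frame, own_mac, promiscuous):
            dst, src, ethertype = parse_ethernet(frame)
            seen.append((mac_str(src), mac_str(dst), f"0x{ethertype:04x}"))
    return seen

def make_frame(dst: bytes, src: bytes, ethertype: int) -> bytes:
    """Build a minimum-size frame with a zeroed 46-byte payload."""
    return struct.pack("!6s6sH", dst, src, ethertype) + b"\x00" * 46

# Constructed sample data: three hosts on one shared (hub-style) segment.
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
HOST_C = bytes.fromhex("020000000003")
WIRE = [
    make_frame(HOST_A, HOST_B, 0x0800),     # B -> A, IPv4
    make_frame(HOST_C, HOST_B, 0x0800),     # B -> C, IPv4 (not for A)
    make_frame(BROADCAST, HOST_C, 0x0806),  # C -> everyone, ARP
]

if __name__ == "__main__":
    for mode in (False, True):
        label = "promiscuous" if mode else "normal"
        print(label, visible_frames(WIRE, HOST_A, mode))
```

With the filter on, host A sees two of the three frames; with it off, A also sees the frame B sent to C.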
Why doesn't Etherscan Analyzer work on my network? It shows only packets originating from my computer, but not from other computers on the LAN.
You are probably connected to a LAN based on switch technology. Etherscan Analyzer shows packets from other computers only on hub-based networks.
Copyright
Some parts of this document were taken from "Sniffing (network wiretap, sniffer) FAQ" by Robert Graham.
Copyright 1998-2000 by Robert Graham (sniffing-faq@robertgraham.com). All rights reserved.