Javvin - Network Sniffers

What is Network Sniffer?

Network Sniffer is a program and/or device that monitors data traveling over a network. Network Sniffers can be used both for legitimate network management functions and for stealing information off a network. Network operations and maintenance personnel use Network Sniffer to monitor network traffic, analyze packets, watch network resource utilization, conduct forensic analysis of network security breaches and troubleshoot network problems. Unauthorized Network Sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.

Network Sniffer as a product was originally created Network General, which was acquired by Network Associates. Recently, Network Associates has decided to spin off the Network Sniffer product unit. The Network Sniffer unit has become a private company and re-named as Network General again. Network Sniffer actually is a trade marked product brand of Network General. However, due to its popularity among the IT professionals, Network Sniffer is widely used for all products that are doing network traffic capturing and analysis.

There are many Sniffer like products on the market. The market size for this nearly one billion dollars. There are two basic types of Sniffers: Portable and Distribute.

Portable Sniffers are stand-alone devices or software that can be installed in a PC. Portable Sniffers can perform data capturing, real time and play back data analysis functions. The price of portable Sniffer is ranged from a few hundred dollars to tens of thousands dollars, depends on who is the vendor, the network (Ethernet, Gigabit Ethernet, Optical media WAN links etc.) to monitor and the types of data analysis are done. Portable Sniffer is typically used by small companies or field engineers of larger companies. The core technologies for portable sniffer are well established: packet capturing and analysis. Different vendors have their own specialties to conduct the analysis: such as simple protocol analysis, packets re-construction into original messages, or Expert Analysis, etc.

Distributed Network sniffers have two part: Monitoring Probe which is a device deployed at various point of the network and a Consol which is a software packet installed in the Network Operation Center (NOC) to centrally monitor all Probes. The Distributed Sniffer are typically deployed by large enterprises to monitor their network from a centralized location such as NOC. The cost of deploy the Distributed Sniffer is ranges from tens of thousands of dollars to millions of dollars. In addition to packet capturing and analysis, the distributed sniffer also retrieves and uses SNMP and RMON data for additional network information.

The leading vendors in the portable network sniffer field include: Network General, Agilent Technologies, Wildpackets and Javvin technologies etc.

The leading vendors in the distributed sniffer include Network General, Netscout etc.

There are also open source programs such as Ethereal available for public usage.

Network Sniffers are also called Protocol Analyzer, Packet Analyzer, Network Sniffing Tool, Network Analyzer etc.