What is a Network Sniffer?

A network sniffer is a program and/or device that monitors data traveling over a network. Network sniffers can be used both for legitimate network management functions and for stealing information off a network. Network operations and maintenance personnel use network sniffers to monitor network traffic, analyze packets, watch network resource utilization, conduct forensic analysis of network security breaches and troubleshoot network problems. Unauthorized network sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.
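One host-local check a defender can still run, added here as an illustration and not part of the original page: a software sniffer on a host needs its interface in promiscuous mode to see frames not addressed to that host, and on Linux that state is visible in the sysfs attribute /sys/class/net/<iface>/flags (the IFF_PROMISC bit, 0x100). The check covers only the interfaces of the host it runs on; a sniffer on another machine, a tap, or a mirrored switch port leaves no trace here, and bridges or virtualization hosts may legitimately run promiscuous interfaces, so a hit is a lead to investigate, not proof of a sniffer. The sample flag values in the code are constructed.

```python
"""Detect local interfaces in promiscuous mode via Linux sysfs.

Added example (not code from the page or any vendor named on it). Assumes a
Linux host where /sys/class/net/<iface>/flags holds the interface flags as a
hex string such as "0x1103"; other platforms are out of scope.
"""
from pathlib import Path
from typing import Dict, List

IFF_PROMISC = 0x100  # promiscuous-mode bit, as defined in Linux <linux/if.h>


def is_promiscuous(flags_text: str) -> bool:
    """Return True if the hex flags string from sysfs has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(flags_by_iface: Dict[str, str]) -> List[str]:
    """Given {iface: flags_text}, return the sorted names that are promiscuous.

    Taking a mapping (rather than reading sysfs directly) keeps the logic
    testable offline; read_sysfs_flags() supplies the real mapping on Linux.
    """
    return sorted(name for name, text in flags_by_iface.items()
                  if is_promiscuous(text))


def read_sysfs_flags(root: str = "/sys/class/net") -> Dict[str, str]:
    """Collect {iface: flags_text} from sysfs; empty dict if sysfs is absent."""
    base = Path(root)
    if not base.is_dir():
        return {}
    result: Dict[str, str] = {}
    for entry in base.iterdir():
        flags_file = entry / "flags"
        if flags_file.is_file():
            result[entry.name] = flags_file.read_text()
    return result


# Constructed sample: eth0 has 0x1103 = UP|BROADCAST|PROMISC|MULTICAST,
# lo has 0x9 = UP|LOOPBACK, eth1 has 0x1003 = UP|BROADCAST|MULTICAST.
SAMPLE_FLAGS = {"eth0": "0x1103\n", "lo": "0x9\n", "eth1": "0x1003\n"}

if __name__ == "__main__":
    print("sample:", promiscuous_interfaces(SAMPLE_FLAGS))
    print("this host:", promiscuous_interfaces(read_sysfs_flags()))
```

Run periodically (or from a configuration-management check) and compare against the list of interfaces that are expected to be promiscuous, such as bridge members or IDS sensor ports.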

"Sniffer" as a product was originally created by Network General, which was acquired by Network Associates during the 1990s. Recently, Network Associates spun off the Sniffer product unit, which became a private company and was renamed Network General again. "Sniffer" is actually a trademarked product brand of Network General. However, because of its popularity among IT professionals, the word "sniffer" is widely used as a generic name for products that capture and analyze network traffic.

There are many "Sniffer"-like products on the market. The market size for this tool is nearly one billion dollars. There are two basic types of network sniffers: portable and distributed.

Portable network sniffers are stand-alone devices or software installed on a PC. They can capture and analyze data in real time and play back captured data for further analysis later. The price of a portable network sniffer ranges from a few hundred dollars to tens of thousands of dollars, depending on the vendor, the network type (Ethernet, Gigabit Ethernet, optical-media WAN links, etc.) and the types of data analysis performed. Portable network sniffers are typically used for network troubleshooting and traffic monitoring in a single LAN segment. The core technologies of a portable network sniffer are well established: packet capturing and analysis. Vendors differentiate themselves in the analysis they offer: simple protocol analysis, re-construction of packets into the original application messages, expert analysis, etc.
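The two core technologies named above, capture and analysis, reduce to decoding header layers and filtering on their fields, and the "re-construction to application message level" in the comparison table further down is TCP stream reassembly. The following is an added example of both, written for this page and not taken from any product it names. Frames are constructed in code (checksums left at zero, a single Ethernet II/IPv4/TCP encapsulation, no IP options or sequence-number wraparound), so it runs offline; a real sniffer would feed it frames from a capture library instead of from build_tcp_frame().

```python
"""Minimal sniffer-style decoder, capture filter and TCP stream reassembly.

Added example (not code from the page or any vendor on it). Frames are built
in-process for illustration; a real capture source would replace them.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

ETHERTYPE_IPV4, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    protocol: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    seq: Optional[int] = None      # TCP sequence number, used for reassembly
    payload: bytes = b""           # whatever lies beyond the last decoded header


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(frame: bytes) -> Packet:
    """Decode Ethernet II -> IPv4 -> TCP/UDP. Malformed or truncated layers stop
    decoding and leave the remaining bytes as raw payload instead of guessing."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = Packet(src_mac=_mac(frame[6:12]), dst_mac=_mac(frame[:6]),
                 ethertype=ethertype, payload=frame[14:])
    ip = pkt.payload
    if ethertype != ETHERTYPE_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return pkt
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        return pkt  # bad header lengths: keep raw rather than mis-decode
    pkt.protocol = ip[9]
    pkt.src_ip, pkt.dst_ip = _ip(ip[12:16]), _ip(ip[16:20])
    l4 = ip[ihl:total_len]
    if pkt.protocol == PROTO_TCP and len(l4) >= 20:
        pkt.src_port, pkt.dst_port, pkt.seq = struct.unpack("!HHI", l4[:8])
        data_off = (l4[12] >> 4) * 4
        pkt.payload = l4[data_off:] if 20 <= data_off <= len(l4) else b""
    elif pkt.protocol == PROTO_UDP and len(l4) >= 8:
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[8:]
    else:
        pkt.payload = l4
    return pkt


def matches(pkt: Packet, **criteria) -> bool:
    """Capture filter: true when every named field equals the given value,
    e.g. matches(pkt, protocol=6, dst_port=80)."""
    return all(getattr(pkt, k) == v for k, v in criteria.items())


def reassemble_stream(packets: Iterable[Packet]) -> bytes:
    """Rebuild one direction of a TCP stream: order segments by sequence number
    and drop bytes already seen (retransmissions / overlaps). Gaps are simply
    concatenated across; a production tool would flag them."""
    data, next_seq = b"", None
    for p in sorted((p for p in packets if p.seq is not None), key=lambda p: p.seq):
        skip = 0 if next_seq is None else max(0, next_seq - p.seq)
        if skip >= len(p.payload):
            continue                      # fully retransmitted segment
        data += p.payload[skip:]
        next_seq = p.seq + len(p.payload)
    return data


def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                    payload: bytes, seq: int = 1) -> bytes:
    """Constructed Ethernet II/IPv4/TCP frame for the example (checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, PROTO_TCP, 0,
                       bytes(int(o) for o in src_ip.split(".")),
                       bytes(int(o) for o in dst_ip.split(".")))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ipv4 + tcp


# Constructed sample stream, delivered out of order with one retransmission.
SAMPLE_FRAMES = [
    build_tcp_frame("10.0.0.5", "10.0.0.9", 40000, 80, b"HTTP/1.0\r\n", seq=7),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / ", seq=1),
    build_tcp_frame("10.0.0.5", "10.0.0.9", 40000, 80, b"HTTP/1.0\r\n", seq=7),
]

if __name__ == "__main__":
    decoded = [decode_frame(f) for f in SAMPLE_FRAMES]
    web = [p for p in decoded if matches(p, protocol=PROTO_TCP, dst_port=80)]
    print(reassemble_stream(web))
```

The decoder deliberately stops at the first layer whose lengths do not add up; trusting a bad IHL or total length is how an analyzer reads attacker-controlled bytes as a header, so returning the raw remainder is the safer default.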

Distributed network sniffers have two parts: Monitoring Probes, devices deployed at various points of the network, and a Console, a software package installed in the Network Operation Center (NOC) to centrally monitor all Probes. Distributed network sniffers are typically deployed by large enterprises to monitor their network from a centralized location such as the NOC. The cost of deploying a distributed network sniffer ranges from tens of thousands of dollars to millions of dollars. In addition to packet capturing and analysis, a distributed sniffer also retrieves and uses SNMP and RMON data for additional network statistics.

The leading vendors in the portable sniffer field include Network General, Agilent Technologies, Wildpackets and Javvin Technologies.

The leading vendors in the distributed sniffer field include Network General and Netscout.

There are also open source network sniffing programs, such as Ethereal, available for public use.

Network sniffers are also called protocol analyzers, packet analyzers, network sniffing tools, network analyzers, etc.

Packet Analyzer CAPSA vs. sniffers by other vendors

| Properties       | Packet Analyzer CAPSA                                                    | Network General Sniffer Basic                                                        | Wildpackets Etherpeek                                                               |
|------------------|--------------------------------------------------------------------------|--------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| Packet capturing | Ethernet 10/100                                                          | Ethernet 10/100                                                                      | Ethernet 10/100                                                                     |
| Analysis         | Protocol analysis and packet re-construction to application message level | Simple protocol analysis; expert analysis not included (only in the Sniffer Pro version) | Simple protocol analysis; expert analysis not included (only in the EtherPeek NX version) |
| Protocol decode  | All TCP/IP protocols                                                     | TCP/IP protocols plus some legacy protocols                                          | TCP/IP protocols plus some legacy protocols                                         |
| Filters          | Yes                                                                      | Yes                                                                                  | Yes                                                                                 |
| Expert module    | Yes, in the enterprise edition                                           | Must purchase Sniffer Pro                                                            | Must purchase EtherPeek NX                                                          |
| Easy-to-use      | 30 minutes self training                                                 | One week training by vendor                                                          | One week training by vendor                                                         |
| Price            | $299 professional edition; $499 enterprise edition                       | >$5000                                                                               | >$1000                                                                              |
| Reporting        | Log files for anytime analysis; real time statistics, charts and reports | Log files; optional reporting package for purchase                                   | Log files                                                                           |