Computer network equipment or software that analyzes network traffic

[Figure: Screenshot of Wireshark network protocol analyzer]

A packet analyzer (also packet sniffer or network analyzer) is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

A packet analyzer used for intercepting traffic on wireless networks is known as a wireless analyzer - those designed specifically for Wi-Fi networks are Wi-Fi analyzers. While a packet analyzer can also be referred to as a network analyzer or protocol analyzer these terms can also have other meanings. Protocol analyzer can technically be a broader, more general class that includes packet analyzers/sniffers. However, the terms are frequently used interchangeably.

Capabilities

On wired shared-medium networks, such as Ethernet, Token Ring, and FDDI, depending on the network structure (hub or switch), it may be possible to capture all traffic on the network from a single machine. On modern networks, traffic can be captured using a network switch using port mirroring, which mirrors all packets that pass through designated ports of the switch to another port, if the switch supports port mirroring. A network tap is an even more reliable solution than to use a monitoring port since taps are less likely to drop packets during high traffic load.

On wireless LANs, traffic can be captured on one channel at a time, or by using multiple adapters, on several channels simultaneously.

On wired broadcast and wireless LANs, to capture unicast traffic between other machines, the network adapter capturing the traffic must be in promiscuous mode. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set the adapter is configured for are usually ignored. To see those packets, the adapter must be in monitor mode. No special provisions are required to capture multicast traffic to a multicast group the packet analyzer is already monitoring, or broadcast traffic.

When traffic is captured, either the entire contents of packets or just the headers are recorded. Recording just headers reduces storage requirements, and avoids some privacy legal issues, yet often provides sufficient information to diagnose problems.

Captured information is decoded from raw digital form into a human-readable format that lets engineers review exchanged information. Protocol analyzers vary in their abilities to display and analyze data.

Some protocol analyzers can also generate traffic. These can act as protocol testers. Such testers generate protocol-correct traffic for functional testing, and may also have the ability to deliberately introduce errors to test the device under test's ability to handle errors.

Protocol analyzers can also be hardware-based, either in probe format or, as is increasingly common, combined with a disk array. These devices record packets or packet headers to a disk array.

Uses

Packet analyzers can:

Analyze network problems
Detect network intrusion attempts
Detect network misuse by internal and external users
Documenting regulatory compliance through logging all perimeter and endpoint traffic
Gain information for effecting a network intrusion
Identify data collection and sharing of software such as operating systems (for strengthening privacy, control and security)
Aid in gathering information to isolate exploited systems
Monitor WAN bandwidth utilization
Monitor network usage (including internal and external users and systems)
Monitor data in transit
Monitor WAN and endpoint security status
Gather and report network statistics
Identify suspect content in network traffic
Troubleshoot performance problems by monitoring network data from an application
Serve as the primary data source for day-to-day network monitoring and management
Spy on other network users and collect sensitive information such as login details or users cookies (depending on any content encryption methods that may be in use)
Reverse engineer proprietary protocols used over the network
Debug client/server communications
Debug network protocol implementations
Verify adds, moves, and changes
Verify internal control system effectiveness (firewalls, access control, Web filter, spam filter, proxy)

Packet capture can be used to fulfill a warrant from a law enforcement agency to wiretap all network traffic generated by an individual. Internet service providers and VoIP providers in the United States must comply with Communications Assistance for Law Enforcement Act regulations. Using packet capture and storage, telecommunications carriers can provide the legally required secure and separate access to targeted network traffic and can use the same device for internal security purposes. Collecting data from a carrier system without a warrant is illegal due to laws about interception. By using end-to-end encryption, communications can be kept confidential from telecommunication carriers and legal authorities.

Notable packet analyzers

For a more comprehensive list, see Comparison of packet analyzers.

Allegro Network Multimeter
Capsa Network Analyzer
Charles Web Debugging Proxy
Carnivore (software)
CommView
dSniff
EndaceProbe Packet Capture Platform
ettercap
Fiddler
Kismet
Lanmeter
Microsoft Network Monitor
NarusInsight
NetScout Systems nGenius Infinistream
ngrep, Network Grep
OmniPeek, Omnipliance by Savvius
SkyGrabber
The Sniffer
snoop
tcpdump
Observer Analyzer
Wireshark (formerly known as Ethereal)
Xplico Open source Network Forensic Analysis Tool

See also

Bus analyzer
Logic analyzer
Network detector
pcap
Signals intelligence
Traffic generation model

Notes

Some methods avoid traffic narrowing by switches to gain access to traffic from other systems on the network (e.g., ARP spoofing).
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.