Packet capture


A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

Packet capture is the process of intercepting and logging traffic.

On wired broadcast LANs, such as Ethernet, Token Ring, and FDDI networks, one can capture traffic on all or part of the network from a single machine, depending on the network structure (hub or switch). A switch narrows the traffic that each port sees, but some methods (e.g., ARP spoofing) get around this narrowing to gain access to traffic from other systems on the network. For network monitoring purposes, when systems are connected to switch ports, it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port, which mirrors all packets that pass through all ports of the switch. Using a network tap is an even more reliable solution than using a monitoring port, since taps are less likely to drop packets during high traffic load.

Wikipedia