Sniffing

Sniffing is the use of a network interface to receive data not intended for the machine in which
the interface resides. A variety of types of machines need to have this capability. A token-ring
bridge, for example, typically has two network interfaces that normally receive all packets
traveling on the media on one interface and retransmit some, but not all, of these packets on
the other interface. Another example of a device that incorporates sniffing is one typically
marketed as a “network analyzer.” A network analyzer helps network administrators diagnose a
variety of obscure problems that may not be visible on any one particular host. These problems
can involve unusual interactions between more than just one or two machines and sometimes
involve a variety of protocols interacting in strange ways.
Devices that incorporate sniffing are useful and necessary. However, their very existence
implies that a malicious person could use such a device or modify an existing machine to snoop
on network traffic. Sniffing programs could be used to gather passwords, read inter-machine
e-mail, and examine client-server database records in transit. Besides these high-level data, low-
level information might be used to mount an active attack on data in another computer
system.