4.6. Understanding Protocol Analyzers

The terms Protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network. The software that performs the operation is called either an analyzer or a sniffer. Sniffers are readily available on the Internet. These tools were initially intended for legitimate network-monitoring processes, but they can also be used to gather data for illegal purposes.

IM traffic, for example, uses the Internet and is susceptible to packet-sniffing activities. Any information contained in an IM session is potentially vulnerable to interception. Make sure users understand that sensitive information should not be sent using this method.

One of the most well-known tools for analyzing network traffic in real time is snort (http://www.snort.org). Lab 4.3 walks through the installation of this tool.