One of the most important tools in a security professional's arsenal is the mighty 'sniffer'. Its power is never underestimated, never undervalued. A sniffer is many things to many people. In the right hands it is invaluable, allowing for the analysis of complex traffic passing over the network, in the wrong hands it can be a destructive force, allowing for the capture of confidential or sensitive data as it flows on the wire.

The most common type of network is the Ethernet network. Ethernet was built on the principal that all computers on the same network will share the same 'wire'. As a result, it is potentially possible that any one computer on the network could see all of the traffic on that network, regardless of whether that traffic was destined for it or not. To overcome this possibility, all Ethernet hardware (your network card) is programmed with a 'filter' that instructs it to ignore packets that do not its own MAC address. This has the effect of a single computer only receiving data that has been addressed directly to it, or to the whole network, like broadcast packets.

The link for this article located at Help Net Security is no longer available.