Packet capture is the process carried out by a packet analyzer, also known as a protocol analyzer, network analyzer or packet sniffer, or, for certain types of networks, a wireless sniffer or Ethernet sniffer. This is a computer program or piece of hardware which intercepts and logs traffic passing over a digital network, or over a certain part of the network. The sniffer captures each packet of data which streams past and, if necessary, decodes its raw data, showing the values of the different fields in the packet and analyzing the content in accordance with the relevant RFC (Request for Comments) specifications. The analysis helps to determine whether any packets are irregular, which in turn helps to maintain effective data transmission.
Packet capture can be used either legitimately or illegitimately. When used legitimately, the packet sniffer identifies the data and any transmission errors, which facilitates efficient network communication. In an illegitimate-use scenario, however, a disaffected company employee, for example, can use the same capability to capture the business's credit account information. This can only serve a malicious purpose, since the employee can then use the information to transfer company funds to a personal account.
The most important function of packet capture is detecting what is happening on the network. The process is similar in essence to telephone wiretapping, inasmuch as it sees everything going through the computer network. Its main use is to monitor network performance and troubleshoot any problems which may arise. Sniffers can also capture data from diverse parts of the network through a monitoring port: this type of interface receives copies of the traffic from different points in the network and delivers them to the network administrator, to be decoded and analysed.
Decoding of Data
Packet sniffers obtain data in its raw, encoded form, i.e. as digital bits on the wire. The data is then decoded into a form which can be read by humans, i.e. by the network administrator, who uses it to detect errors, uncover their root cause and subsequently fix them.
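The decoding step described above and the "irregular packet" check mentioned in the introduction, as an added example that is not part of the original article: it parses a constructed Ethernet II + IPv4 frame into named fields and flags irregularities by verifying the header checksum and the length fields, as a protocol analyzer would. The MAC addresses and the 192.0.2.x / 198.51.100.x IP addresses are constructed documentation values, not a real capture.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode an Ethernet II + IPv4 header into named fields and list any irregularities."""
    out = {"issues": []}
    if len(frame) < 14:
        out["issues"].append("frame shorter than the 14-byte Ethernet header")
        return out
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out.update(eth_dst=dst.hex(":"), eth_src=src.hex(":"), ethertype=ethertype)
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        out["issues"].append("no complete IPv4 header follows the Ethernet header")
        return out
    ver_ihl, _, total_len, _, _, ttl, proto, _, saddr, daddr = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    out.update(version=version, ihl=ihl, total_length=total_len, ttl=ttl, protocol=proto,
               src=".".join(map(str, saddr)), dst=".".join(map(str, daddr)))
    if version != 4:
        out["issues"].append("IP version field is %d, expected 4" % version)
    if ihl < 20 or ihl > len(ip):
        out["issues"].append("IHL of %d bytes is invalid for the captured length" % ihl)
    elif ipv4_checksum(ip[:ihl]) != 0:
        out["issues"].append("IPv4 header checksum mismatch")
    if total_len < ihl or total_len > len(ip):
        out["issues"].append("total length %d inconsistent with %d captured bytes" % (total_len, len(ip)))
    return out

def build_sample_frame(ttl: int = 64, corrupt: bool = False) -> bytes:
    """Constructed sample frame (not a real capture): Ethernet II + 20-byte IPv4 header, protocol 6 (TCP)."""
    eth = bytes.fromhex("001122334455 66778899aabb 0800")  # dst MAC, src MAC, ethertype IPv4
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0x4000, ttl, 6, 0,
                               bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))  # fill in the header checksum
    if corrupt:
        ip[8] = (ttl + 1) & 0xFF  # change TTL after checksumming: the analyzer should flag it
    return eth + bytes(ip)

if __name__ == "__main__":
    for frame in (build_sample_frame(), build_sample_frame(corrupt=True)):
        print(decode_frame(frame))
```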
In addition to capturing data, some packet analyzers can also generate traffic. In this role they serve as reference devices and are used as protocol testers. These testers generate traffic which conforms to the correct protocol and is used for functional testing. They can also deliberately introduce errors into the artificial traffic, which helps administrators test how effectively packet sniffers cope with the errors they will encounter in real traffic.
Analysis of Network Problems
Packet sniffers have a number of functions, but one of the main ones is to analyze network problems. By these means they help to detect intrusion attempts, detect misuse of the network, debug server communications, monitor data in motion, filter out suspect content, gather statistics on the network, detect and isolate compromised systems, and monitor network usage. The information collected in these ways thus serves as primary data for network monitoring purposes.