The IT Law Wiki

Network sniffing

32,062pages on
this wiki
Add New Page
Add New Page Talk0


Network sniffing is

a passive technique that monitors network communication, decodes protocols, and examines headers and payloads to flag information of interest. Besides being used as a review technique, network sniffing can also be used as a target identification and analysis technique.[1]


Reasons for using network sniffing include the following:

Network sniffing has little impact on systems and networks, with the most noticeable impact being on bandwidth or computing power utilization. The sniffer — the tool used to conduct network sniffing — requires a means to connect to the network, such as a hub, tap, or switch with port spanning.[2]


One limitation to network sniffing is the use of encryption. Many attackers take advantage of encryption to hide their activities — while assessors can see that communication is taking place, they are unable to view the contents. Another limitation is that a network sniffer is only able to sniff the traffic of the local segment where it is installed.


  1. NIST Special Publication 800-115, at 3-4.
  2. Id.

See also

Also on Fandom

Random Wiki