Network sniffing is

a passive technique that monitors network communication, decodes protocols, and examines headers and payloads to flag information of interest. Besides being used as a review technique, network sniffing can also be used as a target identification and analysis technique.[1]


Reasons for using network sniffing include the following:

Network sniffing has little impact on systems and networks, with the most noticeable impact being on bandwidth or computing power utilization. The sniffer — the tool used to conduct network sniffing — requires a means to connect to the network, such as a hub, tap, or switch with port spanning.[2]


One limitation to network sniffing is the use of encryption. Many attackers take advantage of encryption to hide their activities — while assessors can see that communication is taking place, they are unable to view the contents. Another limitation is that a network sniffer is only able to sniff the traffic of the local segment where it is installed.


  1. NIST Special Publication 800-115, at 3-4.
  2. Id.

See also

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.