The Association of Digital Forensics, Security and Law (ADFSL)


The best way to understand an internet packet sniffer, hereafter “packet sniffer”, is by analogy with a wiretap. A wiretap is a piece of hardware that allows a person to eavesdrop on phone conversations over a telephone network. Similarly, a packet sniffer is a piece of software that allows a person to eavesdrop on computer communications over the internet. A packet sniffer can be used as a diagnostic tool by network administrators or as a spying tool by hackers who can use it to steal passwords and other private information from computer users. Whether you are a network administrator or information assurance specialist, it helps to have a detailed understanding of how packet sniffers work. And one of the best ways to acquire such an understanding is to build and modify an actual packet sniffer. But first, a disclaimer: the information contained in this paper is for educational purposes only—the use of packet sniffers to eavesdrop on private information is illegal, and violates the computer use policies of most organizations.


Ansari, S., Rajeev, S., and Chandrashekar, H. (2002). Packet Sniffing: A Brief Introduction. IEEE Potentials, 21, 17-19.

Blum, R. (2003). C# Network Programming. San Francisco, CA: Sybex. Dostalek, L., and Kabelova, A. (2006). Understanding Tcp/ip: A Clear And Comprehensive Guide (p. 245). Birmingham, UK: Packt Publising.

Kozierok, C. (2005). The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference. San Francisco, CA: No Starch Press.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.