As previously mentioned, a sniffer allows you to view and analyze raw network
traffic. This traffic can be on a wire, fiber line, or even in the air on a wireless network.
While the data typically flows flawlessly from one point to another, there are times when
something goes wrong and a technician or administrator needs to get inside the traffic to see
what is happening. However, this is not as easy as plugging in a computer and collecting
data. As we will demonstrate, sniffing a network properly takes a solid understanding of
how the various pieces of equipment and software work together.
2.1 Requirements
Sniffing a network is not as simple as plug and play. There are several requirements
that must be met before a sniffer will operate, depending on the target data. This section
will outline the technical aspects of network sniffing and the necessary hardware and
software components needed to successfully capture data.
2.1.1 Hardware
Before you attempt to sniff, you must have the proper hardware. This is not as simple
as selecting any network card off the shelf, plugging it into a computer, and expecting
it to work. Due to compatibility issues with the OS, other hardware components, and
more, it is important to perform some preliminary research into a sniffer’s requirements
before purchasing anything.
One particular area where the right hardware matters is when attempting to sniff a
wireless network. This is because there are several major types of wireless network cards
(WNICs) available on the market. Fortunately, these have become more standardized
across OEMs, especially now that built-in WiFi cards have mostly taken over.
2.1.2 Drivers
Once you have the appropriate hardware, you still need to ensure that your OS has
the right drivers to use that hardware. This can be a tricky part of getting a sniffer to work
properly, and it is why many sniffers either run on Unix-based OSs or require a special
driver to be installed before they will work in Windows.
In the case of the mobile Windows environment, most general-purpose local sniffers
will work with any WNIC without the need for a special driver or patch. Assuming your
WNIC is working before a sniffer is installed and the sniffer program is compatible with
your card, you will need no extra drivers. This said, if you want to perform wireless
sniffing, your sniffing will be limited. Currently there are no publicly available drivers
that make true promiscuous sniffing a reality for the Pocket PC. Instead, you will only
have access to networks with which your WNIC can associate, and then with only one at
a time. There are ways around this, but they would require you to purchase specialized
hardware and software costing several thousand dollars.
Note: If you are installing a Windows desktop sniffer, such as the free Ethereal, you
will probably need a special driver known as WinPcap, available at
http://winpcap.polito.it. To install this driver, simply download and double-click the
executable. The installation process is straightforward and only requires a few clicks of