Today's networking environment has become very complex. Networks have been growing in size rapidly and have come to support more complex applications. As result, troubleshooting and maintaining networks has become cumbersome and has created the need for new specialized tools such as Network Protocol Analyzers, better known as "Network Sniffers".Network Sniffers have become critical tools in today's networking management and troubleshooting processes. They enable network managers to evaluate and examine the data running through their network by troubleshooting network performance problems and identifying certain network faults. Network Sniffers can help identify network attacks and detect security threats; they can be used in intrusion detection systems.Besides their usage in the technical environment, network sniffers can be used for educational and research purposes. They can be used to help understand packets' architecture and traffic patterns generated by common network applications. Network Sniffers can also be used to evaluate protocol performance and assist in protocol development. Despite their usefulness, network sniffers can be harmful when used by hackers. With network sniffers, hackers can capture data and steal information from targeted networks.This study consists of two major efforts. The first major effort entails researching and determining a set of criteria to use in evaluating and comparing network sniffers. The second major effort involves using the criteria to evaluate and compare three free network sniffers, thus building a taxonomy. The three free network sniffers used in this study were Ethereal, EtherSnoop and Packetyzer. Each of these three sniffers was evaluated and tested. Then their features and capabilities were compared.
Journal of Computing Sciences in Colleges
Victor A. Clincy and Nael Abu-Halaweh. 2005. A Taxonomy of free Network Sniffers for teaching and research. J. Comput. Small Coll. 21, 1 (October 2005), 64-75.