Packet sniffing is a way of intercepting data packets travelling across a network. To capture all traffic travelling to and from an internet host site, a sniffer program works at the Ethernet layer in combination with the network interface cards (NICs). The sniffer program will collect all communication packets passing anywhere near the internet host site if any of the Ethernet NICs are in promiscuous mode.
A sniffer placed on any inter-network link, backbone device or network aggregation point will therefore be able to monitor all of the traffic passing through it. Many sniffer programs are freely available on the internet, and most of them are passive. Packet sniffers listen to all data link layer frames passing the device's network interface, and the more sophisticated ones also allow more active intrusion.
To detect packet sniffing, it is necessary to detect network interfaces that are running in promiscuous mode. There are two ways of detecting sniffing:
Host-based: Several software commands exist that can be run on individual host machines to tell whether the NIC is running in promiscuous mode.
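One way to run the host-based check on a Linux machine, as an added example that is not part of the original page: the script reads each interface's kernel flags from `/sys/class/net/<interface>/flags` and tests the `IFF_PROMISC` bit (0x100). The function names `is_promisc` and `list_promisc` are hypothetical, and the flag values in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: host-based check for promiscuous interfaces on Linux.
# Reads the kernel's per-interface flags from sysfs and tests IFF_PROMISC.
# Constructed sample values: 0x1003 = UP|BROADCAST|MULTICAST (normal),
#                            0x1103 = the same flags plus IFF_PROMISC.

IFF_PROMISC=256   # 0x100, as defined in <linux/if.h>

# is_promisc FLAGS
# Returns 0 if IFF_PROMISC is set, 1 if it is clear, 2 if FLAGS is not
# a 0x-prefixed hex value (so bad input never reaches the arithmetic).
is_promisc() {
    case "$1" in
        0x | 0x*[!0-9a-fA-F]*) return 2 ;;
        0x*) ;;
        *) return 2 ;;
    esac
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# list_promisc [ROOT]
# Prints the name of every interface under ROOT (default /sys/class/net)
# whose flags file has IFF_PROMISC set. ROOT is a parameter so the check
# can also be pointed at a copy of sysfs collected from another host.
list_promisc() {
    _root="${1:-/sys/class/net}"
    for _dir in "$_root"/*; do
        [ -r "$_dir/flags" ] || continue
        IFS= read -r _flags < "$_dir/flags" || [ -n "$_flags" ] || continue
        if is_promisc "$_flags"; then
            printf '%s\n' "${_dir##*/}"
        fi
    done
    return 0
}

# Scan this host (or the directory given as the first argument).
list_promisc "$@"
```

An interface listed here is a lead to investigate rather than proof of a sniffer: bridge member ports and some virtualization setups enable promiscuous mode legitimately.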