Packet sniffing for web analytics

Some time ago I wrote the post “What are Log File Analysis and Page Tagging?” about the most popular web analytics technologies, “Page tagging” and “Log file analyzers”. I received a comment from Ivo Rehberger (Development Manager, Nextwell) in which he mentioned the advantages of packet sniffing over the other two technologies. I simply omitted this third technology because I wanted to mention the two most popular, but I do agree with Ivo: this technology is as good as the other two, and it is important to at least mention it (with pros and cons).

“…One of the most important advantages of such an approach is the fact that it is a non-intrusive technology (no server log integration, no painful page tagging). So there are no risks in deploying the sniffer into the local network environment of the servers to be tracked. Unlike server logs or page tagging, packet sniffing is completely transparent for the tracked website(s) and is able to produce more complex and higher-quality clickstream data than server logs or page tags…” (Ivo Rehberger).

A packet sniffer (also known as a network analyzer or protocol analyzer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications.
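The capture-and-decode step described above, applied to web analytics, as an added Python example that is not part of the original post or of any vendor's product: it decodes constructed Ethernet/IPv4/TCP frames into clickstream records. It assumes each HTTP request fits in one TCP segment (no stream reassembly); the names `build_frame`, `decode_hit` and `clickstream` and all sample addresses are made up for the illustration.

```python
import struct
from urllib.parse import urlsplit

def build_frame(src_ip, payload, dport=80):
    """Constructed sample frame: Ethernet + IPv4 + TCP (checksums left as zero)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHLLBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def decode_hit(ts, frame):
    """Return a clickstream record for a plaintext HTTP request, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                  # not IPv4 carrying TCP
    tcp = 14 + (frame[14] & 0x0F) * 4                # skip Ethernet + IP header
    if len(frame) < tcp + 20:
        return None
    dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ")
    if dport != 80 or len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None                                  # TLS or non-HTTP: opaque to the sniffer
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in head[1:])}
    return {                                         # Cookie/Authorization are never copied
        "ts": ts, "client": ".".join(map(str, frame[26:30])), "method": parts[0],
        "host": headers.get("host", ""),
        "path": urlsplit(parts[1]).path,             # query string dropped (may hold personal data)
        "referer": headers.get("referer", ""),
        "user_agent": headers.get("user-agent", ""),
    }

SAMPLE = [  # constructed capture, not real traffic
    (1.0, build_frame("198.51.100.7", b"GET /pricing?utm=x HTTP/1.1\r\nHost: shop.example\r\n"
                      b"Referer: http://shop.example/\r\nCookie: sid=abc\r\n\r\n")),
    (1.5, build_frame("198.51.100.7", b"\x16\x03\x01\x02\x00\x01", dport=443)),  # TLS record
    (2.0, build_frame("203.0.113.9", b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n")),
]

def clickstream(capture):
    return [hit for ts, frame in capture if (hit := decode_hit(ts, frame))]

if __name__ == "__main__":
    for hit in clickstream(SAMPLE):
        print(hit)
```

TLS-encrypted traffic yields no records here, so a passive sniffer only produces page-view data when it sits on the plaintext side of TLS termination.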

The versatility of packet sniffers means they can be used to:

– Analyse network problems.

– Detect network intrusion attempts.

– Gain information for effecting a network intrusion.

– Monitor network usage.

– Gather and report network statistics.

– Filter suspect content from network traffic.

– Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use).

– Reverse engineer protocols used over the network.

– Debug client/server communications.

Example uses

– A packet sniffer for a token ring network could detect that the token has been lost or the presence of too many tokens (verifying the protocol).

– A packet sniffer could detect that messages are being sent to a network adapter; if the network adapter did not report receiving the messages then this would localize the failure to the adapter.

– A packet sniffer could detect excessive messages being sent by a port, detecting an error in the implementation.

– A packet sniffer could collect statistics on the amount of traffic (number of messages) from a process, detecting the need for more bandwidth or a better method.

– A packet sniffer could be used to extract messages and reassemble the traffic from a process into a complete form, allowing it to be reverse engineered.
