# Sniffing

## Introduction

Packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass through a computer network, regardless of how each packet is addressed. In this way, every packet, or a defined subset of packets, may be gathered for further analysis. As a network administrator, you can use the collected data for a wide variety of purposes, such as monitoring bandwidth and traffic.

A packet sniffer, sometimes called a packet analyzer, is composed of two main parts: first, a network adapter that connects the sniffer to the existing network; second, software that provides a way to log, view, or analyze the data collected by the device.

## Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named "Ethereal," the project was renamed "Wireshark" in May 2006 due to trademark issues.

{% hint style="success" %}
I can't stress enough how much you need to learn Wireshark, since it is very important from an exam point of view. So please learn it. You can search online; there are tons of video tutorials for Wireshark.
{% endhint %}

* [ ] How to analyze the packets
* [ ] Learn to analyze the list of IPs that had DDoS attacks.
* [ ] Learn to find sensitive data in the HTTP flow.
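
As an added illustration of analyzing a defined subset of captured packets (not part of the original page), this Python example reads a classic pcap file and counts TCP SYN packets without ACK per source address, the per-source tally an analyst reviews when checking a capture for flood sources. The sample capture, its RFC 5737 documentation addresses, and the function names are constructed for the example; pcapng files are not handled.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def syn_counts(pcap: bytes) -> Counter:
    """Count TCP SYN-without-ACK packets per IPv4 source in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 (20); EtherType must be IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF  # non-first fragments have no TCP header
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6 or frag:  # 6 = TCP
            continue
        tcp = 14 + ihl
        if len(frame) < tcp + 14:  # truncated before the flags byte
            continue
        flags = frame[tcp + 13]
        if flags & 0x02 and not flags & 0x10:  # SYN set, ACK clear
            counts[str(IPv4Address(frame[26:30]))] += 1
    return counts

def _frame(src: str, flags: int, dst: str = "192.0.2.10") -> bytes:
    """Constructed sample frame: Ethernet + IPv4 + TCP headers, no payload."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)

def sample_pcap() -> bytes:
    """Constructed capture using documentation addresses (RFC 5737)."""
    frames = [_frame("198.51.100.7", 0x02)] * 5 + [_frame("203.0.113.9", 0x02),
        _frame("192.0.2.10", 0x12, "198.51.100.7"),  # SYN/ACK reply, not counted
        _frame("203.0.113.9", 0x10)]                 # plain ACK, not counted
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(syn_counts(sample_pcap()).most_common())
```

A source whose SYN count is far above its peers, with no matching completed handshakes, is the pattern to look for; the equivalent Wireshark display filter is `tcp.flags.syn == 1 && tcp.flags.ack == 0`.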

