# Sniffing

## Introduction

Packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass through a computer network, regardless of how each packet is addressed. In this way, every packet, or a defined subset of packets, may be gathered for further analysis. You, as a network administrator, can use the collected data for a wide variety of purposes, like monitoring bandwidth and traffic.

A packet sniffer, sometimes called a packet analyzer, is composed of two main parts: a network adapter that connects the sniffer to the existing network, and software that provides a way to log, view, or analyze the data collected by the device.

## Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named "Ethereal," the project was renamed "Wireshark" in May 2006 due to trademark issues.

{% hint style="success" %}
I can't stress enough how much you need to learn Wireshark, since Wireshark is very important from an exam point of view. So, please learn it. You can Google stuff online. There are tons of video tutorials for Wireshark.
{% endhint %}

* [ ] How to analyze the packets
* [ ] Learn to analyze the list of IPs that had DDoS attacks.
* [ ] Learn to find sensitive data in the HTTP flow.
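
To make the second checklist item concrete, the following added example (not part of the original page) parses a classic libpcap capture and ranks IPv4 source addresses by packet count, which is the kind of per-source tally an analyst uses to spot the hosts behind a flood. The function names and the embedded sample capture are constructed for illustration; the addresses come from documentation ranges.

```python
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed capture: 5 frames from 203.0.113.7, 1 from 198.51.100.2."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src in ["203.0.113.7"] * 5 + ["198.51.100.2"]:
        eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
        frame = eth + ip
        # Per-record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def top_sources(pcap, n=10):
    """Return [(source_ip, packet_count), ...] for IPv4-over-Ethernet frames."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"   # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"   # file written big-endian
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts = Counter()
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        if len(frame) < incl_len:
            break      # final record is cut short; stop cleanly
        off += 16 + incl_len
        # Need Ethernet (14 bytes) + minimal IPv4 header (20 bytes), EtherType 0x0800
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        counts[".".join(str(b) for b in frame[26:30])] += 1  # IPv4 source address
    return counts.most_common(n)

if __name__ == "__main__":
    for ip, hits in top_sources(build_sample_pcap()):
        print(f"{ip:15} {hits}")
```

To run it on a real capture, read the file with `open(path, "rb").read()` and pass the bytes to `top_sources`; pcapng files use a different layout and are rejected by the magic-number check.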

