Sniffing The LAN

Sniffing a LAN requires putting a network device in a mode where it captures all packets it sees on the LAN (promiscuous mode), and transfers them to some user program. 'tcpdump' is such a program.

'tcpdump' allows one to sniff packets. Since LAN traffic is normally very large, 'tcpdump' allows us to filter packets based on various packet fields, such as protocol type, source/destination address and the like.

The expression syntax used by 'tcpdump' requires good familiarity with the exact structure of various protocol packets.