Often, things are not what they appear to be. To hear the media tell it, the worst fate a system administrator can suffer is for his Web server to be hacked and his Web page altered. Not true.

In fact, although these in-your-face hack attacks seem dramatic and often command screaming headlines, they're nothing compared to a real attack. Real crackers generally don't announce their presence or flaunt their achievements. Instead, they install surreptitious monitoring devices that stealthily gather information on your network.

Such tools are called protocol analyzers and are otherwise known as sniffers. This chapter will look at sniffers, what they do, and how they're designed. You'll also use some sniffers, ...