A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis. Used to identify security risks and/or to monitor employees' activities (such as Web sites visited), a snoop program puts network interfaces into promiscuous mode. Promiscuous mode allows the system to access all the data in each network packet - instead of only routing-related information - including those packets intended for other computers. Packet data is typically captured to a file for later analysis and reporting. Any computer on a network can use a snoop program, although - at least for administrative purposes - they are most often installed on servers. Snooping is also a popular means of illicitly collecting network data; sometimes an administrative snoop server finds a previously undetected node operating for this purpose. The Sun Solaris operating system furnishes an administrative snoop command that captures packets and displays either a single line packet summary or a very detailed description.

05 Jun 2007