What it (snooping or sniffing) is properly called is traffic capture and analysis. That is, you run a special program or device that listens in "promiscuous" mode -- meaning that it will pick up any traffic, whether or not it's addressed to that system, which is passing by on the particular wire.
Many manageable hubs and switches have what is called a SPAN port function (SPAN=Sniffer Port Analyzer, although that may be a Cisco term, I don't know who originated it), where you can redirect traffic to and from a particular port to another port for analysis. You can also purchase a device known as a "network tap," which allows all traffic through a cable or fiber to be copied to a separate output for analysis. But taps tend to be expensive, ranging from $300 up through $1,000, depending on the type and details.
Not all problems can be solved with these, and it shouldn't be the only tool in a toolbox, but I can't count the number of times I've solved a problem with a network analyzer that simply could not be seen any other way.
There are free ones (e.g., TCPDump/WinDump and Ethereal) and commercial products (e.g., Network General's Sniffer product, Shomiti Surveyor). There are also full-on hardware solutions from many of the same vendors. The key difference is that any analyzer that relies on the NDIS network card driver to pass packets up for capture does NOT pass on any physical layer error information. The full hardware implementations usually write their own drivers so that this information (Jabber, Collision, etc.) IS passed on for analysis. This is not usually a problem, since modern switches and such contain better automatic protections and controls. But if your network was built with unmanaged or unmanageable equipment, then this may be the only way to find out that you have a problem.
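To make the promiscuous-mode point concrete, the following added example (not part of the original answer) parses a classic pcap capture and counts how many frames were addressed to the analyzer itself versus to other stations. The MAC addresses, helper names and the in-memory capture are constructed for illustration.

```python
import struct

LOCAL_MAC = bytes.fromhex("020000000001")  # constructed: the analyzer's own NIC
HOST_A = bytes.fromhex("020000000002")     # constructed: two other stations
HOST_B = bytes.fromhex("020000000003")
BROADCAST = b"\xff" * 6

def make_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def build_pcap(frames):
    """Classic little-endian pcap file in memory, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length.
        # There is no field for physical-layer errors (jabber, collisions).
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def classify(dst, local_mac):
    if dst == local_mac:
        return "to-us"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:        # I/G bit set: group (multicast) address
        return "multicast"
    return "other-host"      # visible only in promiscuous mode, via SPAN or a tap

def summarize(pcap_bytes, local_mac):
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    network, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != 0xA1B2C3D4 or network != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    counts = {"to-us": 0, "broadcast": 0, "multicast": 0, "other-host": 0}
    off = 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from("<IIII", pcap_bytes, off)[2]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:  # skip records too short for an Ethernet header
            counts[classify(frame[:6], local_mac)] += 1
    return counts

SAMPLE = build_pcap([  # constructed capture: five frames
    make_frame(LOCAL_MAC, HOST_A), make_frame(BROADCAST, HOST_A),
    make_frame(bytes.fromhex("01005e0000fb"), HOST_B),
    make_frame(HOST_B, HOST_A), make_frame(HOST_A, HOST_B)])
```

A capture taken without promiscuous mode, or on a switch port with no SPAN or tap feeding it, would show an "other-host" count of zero.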