Packet sniffing is the capturing of data packets to log and analyze those data packets. Packet sniffing is also known as packet analysis, packet capture and network analysis. Packet sniffing is useful for troubleshooting network problems, performing statistical analysis of network traffic and so on.
Capturing packets for the purpose of packet sniffing conventionally occurs at a low level of packet processing in a computer system. The common low-level point of capture for packet sniffing is the network interface card (NIC). When packet sniffing is performed, the NIC passes all traffic to a packet sniffing function in the computer system. Packet sniffing in this way is specific to the particular NIC and occurs by placing the NIC in a special promiscuous mode. Placing the NIC in promiscuous mode forwards every packet seen by the NIC on the network to the computer system's central processing unit rather than just frames addressed to the central processing unit. As a result of handling all traffic from the NIC, the computer system experiences an increase in processor demand. This can have a negative impact on other processes in the computer system. Collecting all of the traffic also results in more data than what is necessary to efficiently perform the packet sniffing function.
Additionally, packet sniffing at the NIC captures packets at layer 2 Media Access Control (MAC) processing of the packets. Capturing packets from a layer 2 process limits information about other processes that affect packets.