Network monitoring tools can be used to monitor data transfers on your network. Monitoring is a process of capturing link frames in the network and storing these frames in memory. Monitoring also includes viewing the contents of the individual captured frames.
We will mainly use two programs, Network Monitor and Ethereal, to demonstrate different network protocols. Both programs have a similar graphical user interface. A wide selection of similar programs is available on the market. The UNIX operating system offers the tcpdump command. Unlike the programs mentioned above, tcpdump does not have a graphical user interface and is designed to be used mainly in scripts.
In addition to these tools, network monitoring hardware is also available. What are the advantages of hardware network monitors? These tools are particularly important for technical staff. Software monitors only display frames that are undamaged. It may be that a station has a damaged network interface card, which produces faulty frames. Software monitors have a difficult time recognizing these damaged stations. Moreover, Fiber Distributed Data Interface (FDDI) service frames are not displayed by software monitors.
The bigger problems with using network monitoring tools are in the area of security. The argument used against them is that they can easily be used to capture the passwords of network users who work with Telnet, FTP, and web browsers (in the case of the HTTP protocol).
The authors of this article, on the contrary, consider it useful to demonstrate password capturing. Even more than initial security problems, these demonstrations serve to convince companies to change their authorization method from the dangerous username/password system.
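The same frame decoding can support the move away from cleartext logins. The following is an added example, not code from the original text: it decodes the Ethernet, IPv4 and TCP headers of captured frames and reports which clients still talk to the Telnet, FTP and HTTP services named above, without reading any payload. The function names, sample frames and addresses are constructed for illustration, and identifying a service by its well-known server port is an assumption of this example.

```python
import socket
import struct
from collections import Counter

# Services the text names as exposing passwords, by well-known server port.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

def decode_frame(frame: bytes):
    """Return (src, dst, sport, dport) for an Ethernet II/IPv4/TCP frame, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":    # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:     # IP protocol 6 = TCP
        return None
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length in bytes
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ihl < 20 or fragment_offset or len(ip) < ihl + 4:  # later fragments lack ports
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), sport, dport

def cleartext_flows(frames):
    """Count frames per (client, server, service); payloads are never inspected."""
    flows = Counter()
    for src, dst, sport, dport in filter(None, map(decode_frame, frames)):
        if dport in CLEARTEXT_PORTS:                      # client -> server
            flows[(src, dst, CLEARTEXT_PORTS[dport])] += 1
        elif sport in CLEARTEXT_PORTS:                    # server -> client reply
            flows[(dst, src, CLEARTEXT_PORTS[sport])] += 1
    return flows

def build_frame(src, dst, sport, dport):
    """Constructed sample frame: empty payload, zeroed checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + tcp

# Constructed capture using documentation addresses (RFC 5737).
SAMPLE = [
    build_frame("192.0.2.10", "198.51.100.5", 40000, 23),   # Telnet request
    build_frame("198.51.100.5", "192.0.2.10", 23, 40000),   # Telnet reply
    build_frame("192.0.2.11", "198.51.100.6", 40001, 21),   # FTP control channel
    build_frame("192.0.2.12", "198.51.100.7", 40002, 443),  # HTTPS, not flagged
    b"\x00" * 9,                                            # truncated, skipped
]

if __name__ == "__main__":
    print(sorted(cleartext_flows(SAMPLE).items()))
```

Frames that are too short to parse are skipped rather than raising, which matches the point above that a software monitor only works with frames it can decode.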