Port Mirroring

To monitor network traffic on a switched Ethernet network some help from the switch hardware is needed.  Cisco calls this port mirroring and it allows all the traffic of certain ports to appear on a given port (where a sniffer like Wireshark can record it).

As I mentioned in the class, sniffers can be detected when connected to a wired network using some clever tricks, though there are certain countermeasures too.

Some of you (Jordi I reckon) mentioned problems about sniffing on WPA networks, I guess this thread summarizes all about it.