Another use of packet sniffing may be to conduct surveillance on users to ensure they are adhering to corporate policy. Naturally, this requires their consent. To achieve this, you would need to connect to a spanning port on the relevant switch in order to see all traffic for that network segment.
Finally, it's extremely useful to use a packet sniffer to monitor a computer's activity if you believe it may have been compromised, for example with a Trojan program or virus. You could connect a PC running a packet sniffer to a hub, to which you also connect the suspect machine. You can then observe all traffic in and (more importantly, out) of the suspect device and quickly determine if something is causing it to send data out to an attacker.
Related Q&A from Peter Wood
When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important.... Continue Reading
In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading
In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading