

(0:56–1:58) Now, before I start opening one up and letting you look at it, you need to understand that there are two very separate pieces to any protocol analyzer. The first piece is what I’m going to call the sniffer. The sniffer is some type of software, and it usually has a name like Pcap (packet capture), WinPcap, Npcap or Win10Pcap. And these are tools that are actually grabbing all the data that’s going in and out of a particular interface. And when I say grabbing all the data, I mean all of the data. So all the Ethernet information, all the IP information, all the application information - it’s all there and these tools grab it.

So a sniffer grabs all this information, and then the sniffer’s going to do one of two things. It’s either going to save it into a file or it’s going to make a live feed directly into the protocol analyzer.
