How Packet Sniffers Work

The packet sniffing process can be broken down into three steps: collection, conversion, and analysis.

Collection

In the first step, the packet sniffer switches the selected network interface into promiscuous mode. In this mode the network card can listen for all network traffic on its particular network segment. The sniffer uses this mode along with low-level access to the interface to capture the raw binary data from the wire.

Conversion

In this step, the captured binary data is converted into a readable form. This is where most advanced command-line-driven packet sniffers stop. At this point, the network data is in a form that can be interpreted only on a very basic level, leaving the majority of the analysis to the end ...
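The conversion step described above, as an added example that is not from the book: a Python decoder that turns the raw bytes of one captured frame into readable fields. The sample frame is constructed, and the names `decode_frame`, `SAMPLE_FRAME`, `mac` and `ipv4` are assumptions made for illustration.

```python
import struct

# Constructed sample frame: Ethernet II + IPv4 + TCP SYN (all values made up).
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"        # dst MAC, src MAC, EtherType
    "4500" "0028" "1c46" "4000" "4006" "9b1b"   # IPv4: ver/IHL .. checksum
    "c0a8010a" "c0a80114"                       # src IP, dst IP
    "c000" "0050" "00000000" "00000000"         # TCP: ports, seq, ack
    "5002" "ffff" "0000" "0000"                 # offset/flags, window, csum, urg
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ipv4(raw):
    return ".".join(str(b) for b in raw)

def decode_frame(frame):
    """Turn raw frame bytes into a dict of human-readable fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
           "ethertype": f"0x{ethertype:04x}"}
    if ethertype != 0x0800:          # only IPv4 is decoded further here
        return out
    pkt = frame[14:]
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4       # header length in bytes; options allowed
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(src_ip=ipv4(pkt[12:16]), dst_ip=ipv4(pkt[16:20]),
               ttl=ttl, protocol=proto, ip_total_length=total_len)
    seg = pkt[ihl:]
    if proto in (6, 17) and len(seg) >= 4:      # TCP or UDP ports
        out["src_port"], out["dst_port"] = struct.unpack("!HH", seg[:4])
    if proto == 6 and len(seg) >= 14:           # TCP flag byte
        out["tcp_flags"] = [n for i, n in enumerate(TCP_FLAGS) if seg[13] >> i & 1]
    return out

if __name__ == "__main__":
    for key, value in decode_frame(SAMPLE_FRAME).items():
        print(f"{key:16} {value}")
```

The output is the kind of field-by-field view a command-line sniffer stops at: addresses, ports and flags are readable, but nothing yet says what the conversation means.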
