How Network Protocol Analyzers (Sniffers) work?

First network protocol analyzer (Sniffer) switches the selected network interface into promiscuous mode. In promiscuous mode the network card can listen for all network traffic on its particular network segment. The network protocol analyzer (Sniffer) uses this mode along with low-level access to the interface to capture the raw binary data from the wire. The captured binary data is then converted into a readable format. After it is converted in to readable format it is then analyzed based on the protocol.

The network protocol analyzer (Sniffer) can analyze large number of network protocols including ARP, IP, ICMP, TCP, UDP, DCCP, HTTP, FTP, DNS, and DHCP.