Packet sniffers, or protocol analyzers as they’re sometimes called, are useful network administration tools. Admins will use them to look at network traffic much like highway traffic cameras monitor traffic on the roadways. How much traffic is there? Where is it all coming from and going to? What kind of traffic is it? Regular monitoring can answer questions like these.

Even if you never use one, just knowing what they are and how they work is useful for anyone who works with computers. I’ve read stories of IT staff performing a live capture of unencrypted packets as part of a user education seminar in order to demonstrate to end users the necessity of using encryption. Seeing someone’s email sniffed and presented on a big screen can be an eye-opening way to make a point about the necessity of network security.

Historically I’ve recommended Wireshark as a great, free, open-source packet sniffer. Free is always good, and I like the fact that it runs on many operating systems. That way anyone can just download it, install it on their home computer and try it out. Network Monitor, on the other hand, is Microsoft’s answer. Historically it only came with specific versions of Microsoft’s server-oriented products, but it has been revamped and improved, and is now available as a free download. It does, however, require Windows 7, or Windows Server 2003 or newer.

So Wireshark might be a good choice for you if you have Vista, XP, or if you are looking for a full-featured, free program that has powerful, commercial-grade add-ons and training available. Network Monitor is definitely worth knowing if you work (or plan to work) in a Microsoft shop, since it will already be available on your servers. Plus, some admins find Network Monitor easier to learn and use for regular, basic tasks. Whichever you use, seeing the depth of information available to you—or anyone who can access your network—is worthwhile.
