A "network analyzer" (also called a sniffer), is a device that makes it possible to "monitor" a network's traffic, that is, to capture information circulating on that network.
On an unswitched network, data are sent to all of the network's machines. Yet under normal use, machines ignore packets that are not addressed to them. As such, by using the network interface in a specific mode (generally called promiscuous mode), it is possible to monitor all of the traffic passing through a network adapter (an Ethernet network card, a wireless network card, etc.).
A sniffer is an impressive tool that makes it possible to monitor a network's traffic. It is generally used by administrators to diagnose problems on their network and to find out about the traffic circulating on the network. Intrusion detection systems (IDS) are based on a sniffer to capture packets, and use a rules database to detect suspicious packets.
Unfortunately, like all administration tools, the sniffer can also be used by malicious individuals having physical access to the network to gather information. This risk is even higher on wireless networks since it is hard to confine radio waves to a limited area, so malicious persons can monitor traffic just by being in the neighborhood.
The vast majority of Internet protocols convey information that is unscrambled, that is, that is not encrypted. Therefore, when a network user consults his messages via the POP or IMAP protocol or surfs the Internet on sites whose addresses do not start with HTTPS, all of the sent or received information can be intercepted. This is how specific sniffers have been developed by hackers in order to retrieve passwords circulating on networks.
There are several ways to protect yourself from troubles that could arise due to the use of a sniffer on your network: