Sensor of the Week: Packet Sniffer Sensor

 Originally published on January 27, 2015 by Florian Staffort
Last updated on March 03, 2022 • 8 minute read

Although bandwidth isn't as strictly limited as it was some time ago, the perception of seemingly unlimited bandwidth can trigger problems in productive environments. Bandwidth has to be shared by a group of users who, especially in companies, have to rely on their remote services to run smoothly. Therefore it's important to identify fluctuations in bandwidth usage early and distinctly. There are several possibilities to monitor bandwidth. PRTG Network Monitor offers a wide variety of options for bandwidth monitoring like, for example, via WMI, SNMP, various flow protocols (NetFlow and IPFIX, sFlow, jFlow), or Packet Sniffer. Depending on the type of network devices, each technology has its advantages and disadvantages. For an overview of the different bandwidth monitoring approaches, please have a look at the PRTG manual.


If your network devices don't support SNMP or flow monitoring, or you need to differentiate bandwidth usage by network protocol and/or IP addresses, packet sniffing is the way to go. To calculate bandwidth usage, the Packet Sniffer Sensor looks at every single data package that travels through your network. PRTG analyzes the packets passing the network card of a PC or the monitoring port of a switch; you can also use remote probes to set up packet sniffers anywhere in your network.

In detail the Packet Sniffer Sensor enables you to keep an eye on the following channels:

  • Web for internet web traffic,
  • File Transfer for traffic caused by FTP (File Transfer Protocol),
  • Mail for internet email traffic,
  • Chat for traffic caused by chat and instant messaging,
  • Remote Control for traffic caused by remote control applications, such as RDP, SSH, Telnet, or VNC,
  • Infrastructure for traffic caused by network services, such as DHCP, DNS, Ident, ICMP, or SNMP,
  • NetBIOS for traffic caused by NetBIOS communication,
  • Citrix for traffic caused by Citrix applications, and
  • Other Protocols for traffic caused by various other protocols via UDP and TCP.


Packet sniffing not only allows you to measure the total bandwidth usage: You can also let PRTG break down the traffic by IP address, port, protocol and other parameters. The results are shown in Toplists, which offer three predefined bandwidth categories for each sensor:

  • Top Connections shows bandwidth usage by connection,
  • Top Protocols shows bandwidth usage by protocol, and
  • Top Talkers shows bandwidth usage by IP address.

For more information on bandwidth monitoring via packet sniffing in general and the Packet Sniffer Sensor in detail, please have a look at the PRTG manual.


All Sensors of the Week

You have missed other articles of our "Sensors of the Week" blog series? Just take a look at the last 10 sensors:

Subscribe to our RSS feed to always stay up to date on new articles!