¨Useful for monitoring session-oriented applications such as telnet, rlogin, and ftp
¨Activated by
starting sniffit with “-i” option
¨Sorts packets into
sessions based on IP addresses and port
numbers
¨Identifies userIDs
and passwords
¨Allows attacker to
watch keystrokes of victim in real time.
¨