What does sniffing refer to in network security?

Sniffing is the act of intercepting and collecting data traveling across a network. A packet sniffer sits on the network path (in promiscuous mode on wired networks or monitor mode on wireless) and captures the raw frames as they traverse the segment. This allows someone to see the contents of the traffic, potentially including credentials or sensitive information if the data isn’t encrypted. In legitimate contexts, network admins use sniffing tools for troubleshooting and performance analysis, but attackers can misuse it for credential theft, eavesdropping, or traffic analysis. Encrypting data in transit greatly mitigates this risk by making captured payloads unreadable, though metadata can still be observed. The other options describe actions unrelated to sniffing: hardening devices is about defense, physical tampering is hardware-focused, and encrypting data in transit is a protective measure rather than the act of capturing traffic.