Which statement is TRUE about the operation of a packet sniffer?

A.
It can only have one interface on a management network.

B.
They are required for firewall operation and stateful inspection.

C.
The Ethernet card must be placed in promiscuous mode.

D.
It must be placed on a single virtual LAN interface.

Explanation:
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the
traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings
and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card
(NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows
the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either
a hardware or software solution. A sniffer is also known as a packet analyzer.
Incorrect Answers:
A: A packet sniffer can have more than one interface on a management network. Therefore, this answer is incorrect.
B: A packet sniffer is not required for firewall operation and stateful inspection. Firewalls and packet sniffers are two different devices. Therefore, this answer is
incorrect.
D: A virtual LAN interface is not required for packet sniffing. Therefore, this answer is incorrect.

http://www.techopedia.com/definition/4113/sniffer