Which device monitors network traffic in a passive manner?

A.
Sniffer

B.
IDS

C.
Firewall

D.
Web browser

Explanation:
A sniffer is another name for a protocol analyzer. A protocol analyzer performs its function in a passive
manner. In other words, computers on the network do not know that their data packets have been
captured.
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network
data communications sent between devices on a network. Capturing packets sent from a computer
system is known as packet sniffing.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from
Microsoft and Wireshark (formerly Ethereal).
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to
a local area network that is not filtered or switched, the traffic can be broadcast to all computers
contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore
all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is
shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic.
The NIC is put into promiscuous mode, and it reads communications between computers within a
particular segment. This allows the sniffer to seize everything that is flowing in the network, which can
lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware
or software solution. A sniffer is also known as a packet analyzer.
Incorrect Answers:
B: An intrusion detection system (IDS) is a device or software application that monitors network or system
activities for malicious activities or policy violations and produces reports to a management station. IDS
come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways.
There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may
attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.
Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents,logging information about them, and reporting attempts. An IDS does not passively monitor network
traffic.
C: A firewall is used to block or allow network traffic according to rules specifying source address,
destination address, protocol or port number. It does not passively monitor network traffic.
D: A Web browser is used to view web sites. It does not monitor network traffic.

http://www.techopedia.com/definition/4113/sniffer
http://en.wikipedia.org/wiki/Intrusion_detection_system