Nowadays, with growing of computer's networks and Internet, the security of data, systems and applications is becoming a real challenge for network's developers and administrators. An intrusion detection system is the first and reliable technique in the network's security that is based gathering data from computer network. Further, the need for monitoring, auditing and analysis tools of data traffic is becoming an important factor to increase an overall system and network security by avoiding external attackers and monitoring abuse of the IT assets by employees in the workplace. The techniques that used for collecting and converting data to a readable format are called packet sniffing. Packet Sniffer is a tool that used to capture packets in binary format, converts that binary data into a readable data format and log of that captured data for analyzing and monitoring, displaying different used applications, clear-text user names, passwords, and other vulnerabilities. It is used by network administrator to keep the network is more secured, safe and to support better decision. There are many different sniffing tools for monitoring, analyzing, and reporting the network's traffic. In this paper we will compare between three different sniffing tools; TCPDump, Wireshark, and Colasoft according to various parameters such as their detection ability, filtering, availability, supported operating system, open source, GUI, their characteristics and features, qualitative and quantitative parameters. In addition, this paper may be considered as an insight for the new researchers to guide them to an overview, essentials, and understanding of the packet sniffing techniques and their working.