According to SEC 10-K filings[4][5][6] and corporate annual reports,[7] between 1986 and March 1997 about $933M worth of Sniffers and related products and services had been sold as tools for network managers and developers.

The inspiration was an internal test tool that had been developed within Nestar Systems,[10] a personal computer networking company founded in October 1978 by Saal and Shustek along with Jim Hinds and Nick Fortis.

When Nestar was acquired by Digital Switch Corporation (now DSC Communications) of Plano, Texas in 1986,[11] Saal and Shustek received the rights to TART.

At Network General, Saal and Shustek initially sold TART as the “R-4903 ARCNET Line Analyzer (‘The Sniffer’)”.

[12] They then reengineered TART for IBM’s Token Ring network hardware, created a different user interface with software written in C, and began selling it as The Sniffer™ in December 1986.

Since the ability to receive all packets was viewed as a violation of network privacy, the circuitry implementing it was kept secret, and the daughterboard was potted in black epoxy to discourage reverse-engineering.

That was implemented with a combination of locally cached data within the protocol interpreter, and the ability to look back at earlier packets stored in the capture buffer.

Several were, like the Sniffer, ready-to-use packaged instruments: There were also several software-only packet monitors and decoders, often running on Unix, and often with only a command-line user interface: