To illustrate how a packet sniffer works, first one must understand how a network hub (as used in this example) works.

When network traffic is sent from upstream to a host attached to the hub, the hub re-transmits this data to all hosts on the hub. By default, the NIC in a computer is not set to promiscuous mode, in other words, unless the traffic is addressed to (a) broadcast or (b) specifically its address, it ignores it.

At this point, the packet sniffer can operate in one of two modes, it can sniff only the traffic addressed to it, or it can enter promiscuous mode and sniff all traffic recieved.

Since the most common use of packet sniffers is on college networks, the obvious choice is to tell your packet sniffer of choice to enable promiscuous mode. At this point, you are now recieving a massive list of all network traffic generated by everyone on your hub.

At most dorms, this is a good 10+ people on a single network hub, which enables the person running the sniffer to gather POP and IMAP passwords (generally unencrypted), as well as monitor AIM/IRC conversations, keep track of what websites everyone browses, etc.

And the packet sniffer is nice enough to sort by which IP address each packet comes from, and filter based on protocol.

This only covers the negative aspects of packet sniffers, however, and they have many legitimate reasons such as testing to see if a NIC is functioning properly, to ensure that workers in an office aren't cruising porn sites on company time, etc.