Packet capturing software works by intercepting and logging network traffic. It sets the network interface card to promiscuous mode to read all incoming packets. Packet sniffers passively receive data frames and can be used to troubleshoot networks, but they also allow sensitive data like usernames and passwords to be intercepted if in the wrong hands. Detection methods involve sending fake network traffic and monitoring for unauthorized duplication of responses to identify potential sniffing software.