
Packet sniffers and what to do with them?

Posted on 2002-03-14
Last Modified: 2013-12-07
Can anyone tell me what a packet sniffer could do for my network?

I have captured a few minutes of traffic...
I understand the src and dest. IPs along with the type of traffic.... but how do I know if I have too much traffic or how do I know if I am having a problem?



Question by:dteb
Accepted Solution

by:
SteveJ earned 400 total points
ID: 6865217
Using a trace from a packet sniffer to find problems with your network is extremely difficult. Typically you use a packet sniffer to help you locate the source of a problem.

Think of a packet sniffer as something different from a packet analyzer. A packet analyzer will help you locate problems with your network by doing the analysis for you. For example, to know if there was excessive ARP traffic on your network you'd need a trace, then you'd need to count each ARP packet for the given time . . . and you may or may not know what "excessive" means. A packet analyzer keeps track of this stuff on the fly - broadcasts per second, packets per second, bytes per second and on and on . . .

A packet analyzer like Sniffer Pro statistically analyzes data at the packet level. For example, it will note the time that a SYN packet was sent to a server, the time that it took the server to respond, and report this as a "slow server response" condition if the time is above a default threshold. It will also find and report large numbers of conditions that you'd never be able to find unless you were very, very good, such as TCP windowing problems or high retransmit rates.

Analyzers also typically come with easy to use filtering software to allow you to limit what you have to sort through.

One packet sniffer that's free is Ethereal. No analysis, just traces. It does give protocol percentage breakdowns, but that's it. You can write filters for capture and display but for novices this can be a daunting task.

What else?

Good luck.
Steve
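
What the answer above describes an analyzer doing on the fly (counting ARP packets per second, and timing a server's reply to a SYN against a threshold), as an added Python example that is not part of the original thread. The two thresholds, the helper names and the sample frames are constructed assumptions for illustration.

```python
import struct
from collections import Counter

SLOW_SERVER_SECS = 0.5   # assumed threshold; real analyzers ship their own defaults
ARP_PER_SEC_LIMIT = 3    # assumed meaning of "excessive" for this small sample

def analyze(packets):
    """packets: iterable of (timestamp, raw Ethernet II frame bytes)."""
    arp_per_sec, pending_syn, slow = Counter(), {}, []
    for ts, frame in packets:
        if len(frame) < 14:
            continue                                    # truncated frame
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == 0x0806:                         # ARP
            arp_per_sec[int(ts)] += 1
        elif ethertype == 0x0800 and len(frame) >= 34:  # IPv4
            ip = frame[14:]
            ihl = (ip[0] & 0x0F) * 4                    # IP header length in bytes
            if ip[9] != 6 or len(ip) < ihl + 14:        # not TCP, or cut short
                continue
            src, dst = ip[12:16], ip[16:20]
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            flags = ip[ihl + 13] & 0x12                 # keep only SYN and ACK bits
            if flags == 0x02:                           # SYN; a retransmit keeps the first time
                pending_syn.setdefault((src, sport, dst, dport), ts)
            elif flags == 0x12:                         # SYN/ACK from the server
                sent = pending_syn.pop((dst, dport, src, sport), None)
                if sent is not None and ts - sent > SLOW_SERVER_SECS:
                    slow.append((".".join(map(str, src)), sport, round(ts - sent, 3)))
    busy = {sec: n for sec, n in arp_per_sec.items() if n > ARP_PER_SEC_LIMIT}
    return busy, slow

def _arp():                                  # constructed broadcast ARP frame
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28)

def _tcp(src, dst, sport, dport, flags):     # constructed minimal IPv4/TCP frame
    ip = (bytes([0x45, 0]) + struct.pack("!H", 40) + bytes(5)
          + bytes([6, 0, 0]) + bytes(src) + bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

CLIENT, SERVER = (10, 0, 0, 5), (10, 0, 0, 80)
SAMPLE = [(100.0 + i * 0.1, _arp()) for i in range(5)]       # 5 ARPs inside one second
SAMPLE += [(101.2, _arp()),
           (102.00, _tcp(CLIENT, SERVER, 40000, 80, 0x02)),  # SYN
           (102.02, _tcp(SERVER, CLIENT, 80, 40000, 0x12)),  # SYN/ACK after 20 ms
           (103.00, _tcp(CLIENT, SERVER, 40001, 80, 0x02)),  # SYN
           (103.90, _tcp(SERVER, CLIENT, 80, 40001, 0x12))]  # SYN/ACK after 0.9 s
```

`analyze(SAMPLE)` returns the seconds whose ARP count exceeded the limit and a list of (server IP, port, delay) entries for slow handshakes.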

Expert Comment

by:CyberStretch
ID: 6865511
It would seem like you are searching for the correct technology for a specific problem.

In another thread, someone made mention of 3Com's Network Supervisor (http://www.3com.com/products/en_US/result.jsp?selected=5&sort=effdt&order=desc&sku=3C15100C). It is freeware and offers the ability to map and display alerts based upon thresholds that you set for any network component. Although this is not a packet sniffer, it does help to monitor network traffic and potential problems; offering ways to notify you if you are off site or away from the monitoring system.

I have tried this on my home network and it basically works pretty good. Some of the SOHO networking equipment I have is improperly detected, but that is to be expected. Also, I had problems getting the Advanced Package and SP1 to install. (Kept telling me I needed to have Network Supervisor installed, which I do on a different partition than the one setup suggested. Therefore, they could have coded the default install directory into the upgrades.)

