Solved

Packet Analyzer Software Recommendations Needed

Posted on 2004-04-02
7
553 Views
Last Modified: 2013-12-07
What would the experts recommend for a good packet analyzer /sniffer these days?  I have a good network background but am not interested in wading through very low level network traffic to figure out everything by myself, and want to find a software package that has some decent analysis of the packets.  I support a variety of different networks, so it can't be hardware centric (switch or router).  The product should probably be Windows-based for my laptop, it doesn't have to be freeware or shareware but it needs to be under $1,000.   Please consider price with the features when analyzing.  Links appreciated.  
0
Comment
Question by:thefumbler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
ID: 10745101
I've used Network Associate's Sniffer Pro, Ethereal, NetMon, and Protocol Expert.  Of all of them, I like Protocol Expert the best - it has a lot of advanced features - such as being able to zero the delta time, advanced filters, conversation filters, etc.  I would highly recommend it.  http://www.flukenetworks.com/us/LAN/Monitoring+Analysis+Diagramming/OptiView+Protocol+Expert/Overview.htm.  I don't know how much it costs - I think it's probably around $1000.  I would recommend it over Sniffer Pro.

Of the free, you cant beat Ethereal.  http://www.ethereal.com/download.html

IMHO, Microsoft doesn't do real networking well - but you can get NetMon from the NT4.0 disks - if you can find them.  I haven't used it since then, so I don't know about if it's on Win2K, XP, or 2003.  I would just as soon avoid it.

I don't know how much Sniffer is these days, but it's here:  http://www.networkassociates.com/us/products/sniffer/home.asp

I haven't used Iris - but it appears to be WFC!!!  It's $1295 but it has the ability to REBUILD pages from captured data ... not necessary for protocol analysis - but very cool for "information gathering".  http://www.eeye.com/html/Products/Iris/index.html

HTH
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10745490
pseudocyber: Flukes' product OPV-PE/PRO is $4,000+, that's outside of the budget unfortunately, same for Sniffer.  I tested Ethereal briefly and it is good at capturing packets but I would like a little more help in figuring out the protocol information in the packet which is a bit complex for me.  
 
Am I really asking for a cadillac with a ford pinto budget?  Maybe I should be using Etherreal and going to the bookstore and spending $100 on a reference.

Pardon my ignorance, what's the WFC!!! acronym?
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10745871
Hi,
Below is an answer to a similar post
http://www.experts-exchange.com/Security/Q_20923466.html
Cheers
Ian
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 27

Expert Comment

by:pseudocyber
ID: 10746252
Wicked F Cool.
0
 
LVL 9

Expert Comment

by:cdesigner
ID: 10751509
http://www.tamos.com
CommView ( LAN, WAN, WIFI sniffer )

Pavel Sokolov
http://www.cezeo.com
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10752217
I realize that that the protocol breakdowns in percentages or graphs are very helpful and Ethereal for free doesn't have that unless I missed it.  
Iris Network Traffic Analyzer at $1275 looks promising.  I downloaded the demo version and the graphing and the ability to reconstruct a web page is very cool and helpful when documenting abuses to HR.  However it may be due to the demo version but the host addresses (limit 10) don't save properly and a few other oddities.  I am requesting an unrestricted version for testing.  
Tamos' Commview at $249, also looks promising from the screen shots but I haven't tested yet.  The interface doesn't look as polished as Iris which is probably the reason for the price.
In the other post at http://www.experts-exchange.com/Security/Q_20923466.html, the free http://www.packetyzer.com may also be an option  I will look into, but the program needs to run under windows so tcpdump is not an option.
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10793526
The non-demo version of the Iris Network Traffic Analyzer solves the problems I was seeing in the demo version and its reasonable cost with the extra feature of the http packet rebuilding to show a visited web page it looks like the direction I will be going.  

Thanks
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question