Solved

Packet Analyzer Software Recommendations Needed

Posted on 2004-04-02
Last Modified: 2013-12-07
What would the experts recommend for a good packet analyzer/sniffer these days? I have a good network background but am not interested in wading through very low level network traffic to figure out everything by myself, and want to find a software package that has some decent analysis of the packets. I support a variety of different networks, so it can't be hardware centric (switch or router). The product should probably be Windows-based for my laptop; it doesn't have to be freeware or shareware but it needs to be under $1,000. Please consider price with the features when analyzing. Links appreciated.
Question by:thefumbler
7 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
ID: 10745101
I've used Network Associates' Sniffer Pro, Ethereal, NetMon, and Protocol Expert.  Of all of them, I like Protocol Expert the best - it has a lot of advanced features - such as being able to zero the delta time, advanced filters, conversation filters, etc.  I would highly recommend it.  http://www.flukenetworks.com/us/LAN/Monitoring+Analysis+Diagramming/OptiView+Protocol+Expert/Overview.htm.  I don't know how much it costs - I think it's probably around $1000.  I would recommend it over Sniffer Pro.

Of the free, you can't beat Ethereal.  http://www.ethereal.com/download.html

IMHO, Microsoft doesn't do real networking well - but you can get NetMon from the NT4.0 disks - if you can find them.  I haven't used it since then, so I don't know if it's on Win2K, XP, or 2003.  I would just as soon avoid it.

I don't know how much Sniffer is these days, but it's here:  http://www.networkassociates.com/us/products/sniffer/home.asp

I haven't used Iris - but it appears to be WFC!!!  It's $1295 but it has the ability to REBUILD pages from captured data ... not necessary for protocol analysis - but very cool for "information gathering".  http://www.eeye.com/html/Products/Iris/index.html

HTH
 
LVL 1

Author Comment

by:thefumbler
ID: 10745490
pseudocyber: Fluke's product OPV-PE/PRO is $4,000+, that's outside of the budget unfortunately, same for Sniffer.  I tested Ethereal briefly and it is good at capturing packets but I would like a little more help in figuring out the protocol information in the packet which is a bit complex for me.

Am I really asking for a Cadillac with a Ford Pinto budget?  Maybe I should be using Ethereal and going to the bookstore and spending $100 on a reference.

Pardon my ignorance, what's the WFC!!! acronym?
 
LVL 6

Expert Comment

by:parkerig
ID: 10745871
Hi,
Below is an answer to a similar post
http://www.experts-exchange.com/Security/Q_20923466.html
Cheers
Ian
 
LVL 27

Expert Comment

by:pseudocyber
ID: 10746252
Wicked F Cool.
 
LVL 9

Expert Comment

by:cdesigner
ID: 10751509
http://www.tamos.com
CommView ( LAN, WAN, WIFI sniffer )

Pavel Sokolov
http://www.cezeo.com
 
LVL 1

Author Comment

by:thefumbler
ID: 10752217
I realize that the protocol breakdowns in percentages or graphs are very helpful and Ethereal for free doesn't have that unless I missed it.
Iris Network Traffic Analyzer at $1275 looks promising.  I downloaded the demo version and the graphing and the ability to reconstruct a web page is very cool and helpful when documenting abuses to HR.  However it may be due to the demo version but the host addresses (limit 10) don't save properly and a few other oddities.  I am requesting an unrestricted version for testing.
Tamos' CommView at $249 also looks promising from the screen shots but I haven't tested yet.  The interface doesn't look as polished as Iris which is probably the reason for the price.
In the other post at http://www.experts-exchange.com/Security/Q_20923466.html, the free http://www.packetyzer.com may also be an option I will look into, but the program needs to run under Windows so tcpdump is not an option.
 
LVL 1

Author Comment

by:thefumbler
ID: 10793526
The non-demo version of the Iris Network Traffic Analyzer solves the problems I was seeing in the demo version, and with its reasonable cost and the extra feature of the HTTP packet rebuilding to show a visited web page, it looks like the direction I will be going.

Thanks