  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 584

Packet Analyzer Software Recommendations Needed

What would the experts recommend for a good packet analyzer /sniffer these days?  I have a good network background but am not interested in wading through very low level network traffic to figure out everything by myself, and want to find a software package that has some decent analysis of the packets.  I support a variety of different networks, so it can't be hardware centric (switch or router).  The product should probably be Windows-based for my laptop, it doesn't have to be freeware or shareware but it needs to be under $1,000.   Please consider price with the features when analyzing.  Links appreciated.  
0
thefumbler
Asked:
thefumbler
1 Solution
 
pseudocyber Commented:
I've used Network Associates' Sniffer Pro, Ethereal, NetMon, and Protocol Expert. Of all of them, I like Protocol Expert the best - it has a lot of advanced features - such as being able to zero the delta time, advanced filters, conversation filters, etc. I would highly recommend it. http://www.flukenetworks.com/us/LAN/Monitoring+Analysis+Diagramming/OptiView+Protocol+Expert/Overview.htm. I don't know how much it costs - I think it's probably around $1000. I would recommend it over Sniffer Pro.

Of the free, you can't beat Ethereal. http://www.ethereal.com/download.html

IMHO, Microsoft doesn't do real networking well - but you can get NetMon from the NT4.0 disks - if you can find them. I haven't used it since then, so I don't know if it's on Win2K, XP, or 2003. I would just as soon avoid it.

I don't know how much Sniffer is these days, but it's here:  http://www.networkassociates.com/us/products/sniffer/home.asp

I haven't used Iris - but it appears to be WFC!!!  It's $1295 but it has the ability to REBUILD pages from captured data ... not necessary for protocol analysis - but very cool for "information gathering".  http://www.eeye.com/html/Products/Iris/index.html

HTH
0
 
thefumbler Author Commented:
pseudocyber: Fluke's product OPV-PE/PRO is $4,000+, that's outside of the budget unfortunately, same for Sniffer. I tested Ethereal briefly and it is good at capturing packets, but I would like a little more help in figuring out the protocol information in the packet, which is a bit complex for me.

Am I really asking for a Cadillac with a Ford Pinto budget? Maybe I should be using Ethereal and going to the bookstore and spending $100 on a reference.

Pardon my ignorance, what's the WFC!!! acronym?
0
 
parkerig Commented:
Hi,
Below is an answer to a similar post
http://www.experts-exchange.com/Security/Q_20923466.html
Cheers
Ian
0
 
pseudocyber Commented:
Wicked F Cool.
0
 
cdesigner Commented:
http://www.tamos.com
CommView ( LAN, WAN, WIFI sniffer )

Pavel Sokolov
http://www.cezeo.com
0
 
thefumbler Author Commented:
I realize that the protocol breakdowns in percentages or graphs are very helpful, and Ethereal for free doesn't have that unless I missed it.
Iris Network Traffic Analyzer at $1275 looks promising. I downloaded the demo version, and the graphing and the ability to reconstruct a web page are very cool and helpful when documenting abuses to HR. However, it may be due to the demo version, but the host addresses (limit 10) don't save properly, and there are a few other oddities. I am requesting an unrestricted version for testing.
Tamos' CommView at $249 also looks promising from the screen shots, but I haven't tested it yet. The interface doesn't look as polished as Iris, which is probably the reason for the price.
In the other post at http://www.experts-exchange.com/Security/Q_20923466.html, the free http://www.packetyzer.com may also be an option I will look into, but the program needs to run under Windows so tcpdump is not an option.
0
 
thefumbler Author Commented:
The non-demo version of the Iris Network Traffic Analyzer solves the problems I was seeing in the demo version, and with its reasonable cost and the extra feature of HTTP packet rebuilding to show a visited web page, it looks like the direction I will be going.

Thanks
0
