Solved

Packet Analyzer Software Recommendations Needed

Posted on 2004-04-02
Last Modified: 2013-12-07
What would the experts recommend for a good packet analyzer/sniffer these days? I have a good network background but am not interested in wading through very low-level network traffic to figure out everything by myself, and want to find a software package that has some decent analysis of the packets. I support a variety of different networks, so it can't be hardware-centric (switch or router). The product should probably be Windows-based for my laptop; it doesn't have to be freeware or shareware, but it needs to be under $1,000. Please consider price with the features when analyzing. Links appreciated.
Question by:thefumbler
7 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 2000 total points
ID: 10745101
I've used Network Associates' Sniffer Pro, Ethereal, NetMon, and Protocol Expert.  Of all of them, I like Protocol Expert the best - it has a lot of advanced features - such as being able to zero the delta time, advanced filters, conversation filters, etc.  I would highly recommend it.  http://www.flukenetworks.com/us/LAN/Monitoring+Analysis+Diagramming/OptiView+Protocol+Expert/Overview.htm.  I don't know how much it costs - I think it's probably around $1000.  I would recommend it over Sniffer Pro.

Of the free ones, you can't beat Ethereal.  http://www.ethereal.com/download.html

IMHO, Microsoft doesn't do real networking well - but you can get NetMon from the NT4.0 disks - if you can find them.  I haven't used it since then, so I don't know if it's on Win2K, XP, or 2003.  I would just as soon avoid it.

I don't know how much Sniffer is these days, but it's here:  http://www.networkassociates.com/us/products/sniffer/home.asp

I haven't used Iris - but it appears to be WFC!!!  It's $1295 but it has the ability to REBUILD pages from captured data ... not necessary for protocol analysis - but very cool for "information gathering".  http://www.eeye.com/html/Products/Iris/index.html

HTH
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10745490
pseudocyber: Fluke's product OPV-PE/PRO is $4,000+; that's outside of the budget unfortunately, same for Sniffer.  I tested Ethereal briefly and it is good at capturing packets, but I would like a little more help in figuring out the protocol information in the packet, which is a bit complex for me.

Am I really asking for a Cadillac with a Ford Pinto budget?  Maybe I should be using Ethereal and going to the bookstore and spending $100 on a reference.

Pardon my ignorance, what's the WFC!!! acronym?
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10745871
Hi,
Below is an answer to a similar post
http://www.experts-exchange.com/Security/Q_20923466.html
Cheers
Ian
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 10746252
Wicked F Cool.
0
 
LVL 9

Expert Comment

by:cdesigner
ID: 10751509
http://www.tamos.com
CommView ( LAN, WAN, WIFI sniffer )

Pavel Sokolov
http://www.cezeo.com
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10752217
I realize that the protocol breakdowns in percentages or graphs are very helpful, and Ethereal for free doesn't have that unless I missed it.
Iris Network Traffic Analyzer at $1275 looks promising.  I downloaded the demo version and the graphing and the ability to reconstruct a web page is very cool and helpful when documenting abuses to HR.  However, it may be due to the demo version, but the host addresses (limit 10) don't save properly and there are a few other oddities.  I am requesting an unrestricted version for testing.
Tamos' CommView at $249 also looks promising from the screenshots, but I haven't tested it yet.  The interface doesn't look as polished as Iris, which is probably the reason for the price.
In the other post at http://www.experts-exchange.com/Security/Q_20923466.html, the free http://www.packetyzer.com may also be an option I will look into, but the program needs to run under Windows, so tcpdump is not an option.
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10793526
The non-demo version of the Iris Network Traffic Analyzer solves the problems I was seeing in the demo version, and with its reasonable cost and the extra feature of HTTP packet rebuilding to show a visited web page, it looks like the direction I will be going.

Thanks
0


Question has a verified solution.
