Solved

Packet Analyzer Software Recommendations Needed

Posted on 2004-04-02
Last Modified: 2013-12-07
What would the experts recommend for a good packet analyzer/sniffer these days? I have a good network background but am not interested in wading through very low level network traffic to figure out everything by myself, and want to find a software package that has some decent analysis of the packets. I support a variety of different networks, so it can't be hardware centric (switch or router). The product should probably be Windows-based for my laptop. It doesn't have to be freeware or shareware but it needs to be under $1,000. Please consider price with the features when analyzing. Links appreciated.
Question by:thefumbler
7 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
ID: 10745101
I've used Network Associate's Sniffer Pro, Ethereal, NetMon, and Protocol Expert.  Of all of them, I like Protocol Expert the best - it has a lot of advanced features - such as being able to zero the delta time, advanced filters, conversation filters, etc.  I would highly recommend it.  http://www.flukenetworks.com/us/LAN/Monitoring+Analysis+Diagramming/OptiView+Protocol+Expert/Overview.htm.  I don't know how much it costs - I think it's probably around $1000.  I would recommend it over Sniffer Pro.

Of the free, you can't beat Ethereal.  http://www.ethereal.com/download.html

IMHO, Microsoft doesn't do real networking well - but you can get NetMon from the NT4.0 disks - if you can find them.  I haven't used it since then, so I don't know if it's on Win2K, XP, or 2003.  I would just as soon avoid it.

I don't know how much Sniffer is these days, but it's here:  http://www.networkassociates.com/us/products/sniffer/home.asp

I haven't used Iris - but it appears to be WFC!!!  It's $1295 but it has the ability to REBUILD pages from captured data ... not necessary for protocol analysis - but very cool for "information gathering".  http://www.eeye.com/html/Products/Iris/index.html

HTH
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10745490
pseudocyber: Fluke's product OPV-PE/PRO is $4,000+, that's outside of the budget unfortunately, same for Sniffer.  I tested Ethereal briefly and it is good at capturing packets but I would like a little more help in figuring out the protocol information in the packet which is a bit complex for me.
 
Am I really asking for a Cadillac with a Ford Pinto budget?  Maybe I should be using Ethereal and going to the bookstore and spending $100 on a reference.

Pardon my ignorance, what's the WFC!!! acronym?
0
 
LVL 6

Expert Comment

by:parkerig
ID: 10745871
Hi,
Below is an answer to a similar post
http://www.experts-exchange.com/Security/Q_20923466.html
Cheers
Ian
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 10746252
Wicked F Cool.
0
 
LVL 9

Expert Comment

by:cdesigner
ID: 10751509
http://www.tamos.com
CommView ( LAN, WAN, WIFI sniffer )

Pavel Sokolov
http://www.cezeo.com
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10752217
I realize that the protocol breakdowns in percentages or graphs are very helpful and Ethereal for free doesn't have that unless I missed it.
Iris Network Traffic Analyzer at $1275 looks promising.  I downloaded the demo version and the graphing and the ability to reconstruct a web page is very cool and helpful when documenting abuses to HR.  However, it may be due to the demo version, but the host addresses (limit 10) don't save properly and there are a few other oddities.  I am requesting an unrestricted version for testing.
Tamos' CommView at $249 also looks promising from the screen shots but I haven't tested yet.  The interface doesn't look as polished as Iris, which is probably the reason for the price.
In the other post at http://www.experts-exchange.com/Security/Q_20923466.html, the free http://www.packetyzer.com may also be an option I will look into, but the program needs to run under Windows so tcpdump is not an option.
0
 
LVL 1

Author Comment

by:thefumbler
ID: 10793526
The non-demo version of the Iris Network Traffic Analyzer solves the problems I was seeing in the demo version, and with its reasonable cost and the extra feature of HTTP packet rebuilding to show a visited web page, it looks like the direction I will be going.

Thanks
0
