Solved

What is your favorite Protocol Analyzer / Network Sniffing utility etc and why?

Posted on 2004-10-18
17
701 Views
Last Modified: 2010-04-11
I am looking at adding some utilities to my tool kit and looking for some advice on what others are using. I have access to a Sniffer Pro Distributed with 5 ports (1 integrated and 4 virtual) on my WAN but looking to add some portable options.

What do you use and why do you think it is the best for you?
0
Comment
Question by:RDAdams
17 Comments
 
LVL 14

Accepted Solution

by:
RichieHindle earned 100 total points
ID: 12342429
Ethereal, http://www.ethereal.com/  It's free, cross platform, very reliable, and understands lots of protocols.  It's always done whatever I've needed from it.
0
 
LVL 3

Assisted Solution

by:happythedog
happythedog earned 100 total points
ID: 12342499
Fluke Network analyzers are great, as is a wiremapper cabletester etc.
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 100 total points
ID: 12343994
I second the vote for Ethereal.    note:   **It's available for a variety of operating system platforms.**    And the price is right (free).

"Netstumbler" (www.netstumbler.com) is another cool tool for networks-- since wireless networks are becoming more and more pervasive....  

You also said you're asking for "etc"....  so I'll put in my $0.02---    something that should be a part of EVERY technical dude's (or dudette's) toolkit is KNOPPIX.

http://www.knoppix.net

It's a CD-ONLY linux distribution (insert CD, boot, voila!  NO install) - and comes with TONS of tools.   (Can't remember if ethereal is on there by default or not).   But there's tons of OTHER things that are great network tools, AND tools to help do things like rescue fried boot loaders, etc etc.   Give it a shot.

0
 
LVL 7

Assisted Solution

by:shahrial
shahrial earned 100 total points
ID: 12344654
RDAdams,
... what can I say... it's already been said. Agreed with RichieHindle and Caseybea...
1.) Ethereal - for wired network
2.) Netstumbler - for wireless network
3.) Knoppix - good for a lot of things...(mine comes with Ethereal).

A whole suite of WildPackets products are also good,
- EtherPeek NX - for wired network
- AiroPeek NX - for wireless network
- GigaPeek NX - for Gigabit network
- EtherPeek VX - for VoIP Network

...;-)
0
 
LVL 2

Assisted Solution

by:kitisak
kitisak earned 50 total points
ID: 12347154
I like to use windump, TCPdump(linux), and Ethereal.
All of them are freeware.
0
 

Assisted Solution

by:futurelogix
futurelogix earned 50 total points
ID: 12356383
http://www.snort.org/

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
0
 
LVL 17

Author Comment

by:RDAdams
ID: 12357374
Hmm this is a good start.   I have tried ethereal but some of these others mentioned I haven't looked at yet.

Does anyone know of a utility that looks similar to the Sniffer Pro dashboard?  Something with Gauges to see general traffic stats in real time?
0
 
LVL 7

Assisted Solution

by:shahrial
shahrial earned 100 total points
ID: 12358707
The NetBoy Suite is a complete real-time visual Internet and LAN network monitoring suite of software tools, that simplifies the task of Network Managers to troubleshoot and efficiently maintain networks.
http://www.snmp.co.uk/netboy/

The NetBoy Suite is a collection of three programs:

EtherBoy - The real time visual multi protocol LAN monitor
WebBoy - The real time visual Web traffic LAN Monitor
PacketBoy - The packet capture, analyzer and decoder

Free trial copy is available for download...;-)
0

 
LVL 17

Author Comment

by:RDAdams
ID: 12417670
Any other comments???
0
 
LVL 2

Expert Comment

by:dramatix01
ID: 12427822
I am a big fan of the free utilities as are most of the others here, but had some experience with the Wildpackets products.  The Wildpackets products also have the gauges, line and bar graphs that some seem to love, but you pay dearly for all of those little features.

Also, my two cents...  Mentioned above was Knoppix.  I prefer PHLAK.  Similar to Knoppix as it boots and runs off of a CD, but there isn't a lot of fluff.  By fluff I mean redundant programs and games.  PHLAK's focus is on the tools...  It does include Ethereal, too.

Hope this helps.
0
 
LVL 2

Expert Comment

by:winkingtiger
ID: 12431467
I like Ethereal except for its lack of wireless NIC support.  It does everything you need it to and more....plus it's free.

Ethereal.com
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12433783
PHLAK is a purpose built software...(very nice)...;-)
[P]rofessional [H]acker's [L]inux [A]ssault [K]it.....

Linux Tools
http://www.phlak.org/modules/sections/index.php?op=viewarticle&artid=1

Windows Tools
http://www.phlak.org/modules/sections/index.php?op=viewarticle&artid=2

To download : http://www.phlak.org/modules/mydownloads/
0
 
LVL 6

Expert Comment

by:JRaster
ID: 12436635
I like IRIS by eeye.  But it costs $$$
0
 

Expert Comment

by:alien_ghost
ID: 12467369
erm... hey, everything there is to say has been said!
yeah, ethereal, nmap (www.insecure.org), netstumbler, knoppix, Professional Hacker's Linux Assault Kit (www.phlak.org), etc, etc

hope this helps!
:)

btw, ethereal DOES support wireless nics! and virtual adapters. I use it on my school's network, all the time via the wireless! on XP and Fedora Core 2. works perfect!
0
 

Expert Comment

by:alien_ghost
ID: 12467542
www.nessus.org is quite cool
sorry, I'm new here, and don't know how to edit my previous post, in order to add this to it...
definitely try phlak
0
 
LVL 2

Expert Comment

by:kitisak
ID: 12489570
snort -v
0
 
LVL 1

Expert Comment

by:FSMB
ID: 14343666
Though this thread is old, a great freeware scanner would be superscan 4.0 - foundstone.com...
0
