What is your favorite Protocol Analyzer / Network Sniffing utility etc and why?

I am looking at adding some utilities to my tool kit and looking for some advice on what others are using. I have access to a Sniffer Pro Distributed with 5 ports (1 integrated and 4 virtual) on my WAN but am looking to add some portable options.

What do you use and why do you think it is the best for you?
RichieHindle Commented:
Ethereal, http://www.ethereal.com/  It's free, cross platform, very reliable, and understands lots of protocols.  It's always done whatever I've needed from it.
happythedog Commented:
Fluke Network analyzers are great, as is a wiremapper cable tester, etc.
Caseybea Commented:
I second the vote for Ethereal.    note:   **It's available for a variety of operating system platforms.**    And the price is right (free).

"Netstumbler" (www.netstumbler.com) is another cool tool for networks-- since wireless networks are becoming more and more pervasive....  

You also said you're asking for "etc"....  so I'll put in my $0.02---    something that should be a part of EVERY technical dude's (or dudette's) toolkit is KNOPPIX.


It's a CD-ONLY Linux distribution (insert CD, boot, voila!  NO install) - and comes with TONS of tools.   (Can't remember if Ethereal is on there by default or not).   But there's tons of OTHER things that are great network tools, AND tools to help do things like rescue fried boot loaders, etc etc.   Give it a shot.

shahrial Commented:
... what can I say... it's already been said. Agreed with RichieHindle and Caseybea...
1.) Ethereal - for wired network
2.) Netstumbler - for wireless network
3.) Knoppix - good for a lot of things...(mine comes with Ethereal).

A whole suite of WildPackets products are also good,
- EtherPeek NX - for wired network
- AiroPeek NX - for wireless network
- GigaPeek NX - for Gigabit network
- EtherPeek VX - for VoIP Network

kitisak Commented:
I like to use windump, tcpdump (Linux), and Ethereal.
All of them are freeware.
futurelogix Commented:

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
RDAdams (Author) Commented:
Hmm this is a good start.   I have tried ethereal but some of these others mentioned I haven't looked at yet.

Does anyone know of a utility that looks similar to the Sniffer Pro dashboard?  Something with Gauges to see general traffic stats in real time?
shahrial Commented:
The NetBoy Suite is a complete real-time visual Internet and LAN network monitoring suite of software tools, that simplifies the task of Network Managers to troubleshoot and efficiently maintain networks.

The NetBoy Suite is a collection of three programs:

EtherBoy - The real time visual multi protocol LAN monitor
WebBoy - The real time visual Web traffic LAN Monitor
PacketBoy - The packet capture, analyzer and decoder

Free trial copy is available for download...;-)
RDAdams (Author) Commented:
Any other comments???
I am a big fan of the free utilities as are most of the others here, but had some experience with the Wildpackets products.  The Wildpackets products also have the gauges, line and bar graphs that some seem to love, but you pay dearly for all of those little features.

Also, my two cents...  Mentioned above was Knoppix.  I prefer PHLAK.  Similar to Knoppix as it boots and runs off of a CD, but there isn't a lot of fluff.  By fluff I mean redundant programs and games.  PHLAK's focus is on the tools...  It does include Ethereal, too.

Hope this helps.
I like Ethereal except for its lack of wireless NIC support.  It does everything you need it to and more....plus it's free.

PHLAK is a purpose built software...(very nice)...;-)
[P]rofessional [H]acker's [L]inux [A]ssault [K]it.....

Linux Tools

Windows Tools

To download : http://www.phlak.org/modules/mydownloads/
I like IRIS by eeye.  But it costs $$$
erm... hey, everything there is to say has been said!
yeah, ethereal, nmap (www.insecure.org), netstumbler, knoppix, Professional Hacker's Linux Assault Kit (www.phlak.org), etc, etc

hope this helps!

btw, ethereal DOES support wireless nics! and virtual adapters. i use it on my school's network, all the time via the wireless! on XP and Fedora Core 2. works perfect!
www.nessus.org is quite cool
sorry, I'm new here, and don't know how to edit my previous post, in order to add this to it...
definitely try phlak
snort -v
Though this thread is old, a great freeware scanner would be superscan 4.0 - foundstone.com...