Comparison of packet analyzers

Last updated September 13, 2024

The following tables compare general and technical information for several packet analyzer software utilities, also known as network analyzers or packet sniffers. Please see the individual products' articles for further information.

General information

Basic general information about the software—creator/company, license/price, etc.

	Creator	Latest release	User interface	Software license	Cost
Allegro Network Multimeter	Allegro Packets	July 20, 2023 / v4.0.4	web GUI	Proprietary	Non-free, price on request, depending on device and extensions
Cain and Abel	Massimiliano Montoro	April 7, 2014 / 4.9.56	GUI	Freeware	Free
Capsa	Colasoft	April 24, 2018 / 11.1^[1]	GUI	Proprietary	$0–$995, depending on version^[2]
Carnivore	Federal Bureau of Investigation	?	?	N/A	?
Charles Web Debugging Proxy	Karl van Randow	July 10, 2017 / 4.1.4	GUI	?	$30–$50 (Free Trial)
Clarified Analyzer	Clarified Networks		GUI	Proprietary	Non-free
Clusterpoint Network Traffic Surveillance System	Clusterpoint		web GUI	Proprietary	?
CommView	TamoSoft	November 30, 2017 / 6.5 Build 770	GUI	Proprietary	$299–$599, $149 1 year subscription
dSniff	Dug Song	December 17, 2000 / 2.3^[3]	CLI	BSD License	Free
EtherApe	Juan Toledo	June 3, 2018 / 0.9.18^[4]	GUI	GNU General Public License	Free
Ettercap	ALoR and NaGA	August 1, 2020 / 0.8.3.1-Bertillon^[5]	Both	GNU General Public License	Free
Fiddler	Eric Lawrence / Telerik	October 3, 2019 / 5.0.20194^[6]	GUI	Freeware	Free
justniffer	The Justniffer team	March 21, 2016 / 0.5.15^[7]	CLI	GNU General Public License	Free
Kismet	Mike Kershaw (dragorn)	May 2, 2020 / 2020-04-R3^[8]	CLI	GNU General Public License	Free
Microsoft Message Analyzer	Microsoft	October 28, 2016 / 1.4^[9]	GUI	Proprietary	Free
Microsoft Network Monitor	Microsoft	June 24, 2010 / 3.4	GUI	Proprietary	Free
netsniff-ng	Daniel Borkmann	November 7, 2016 / 0.6.2	CLI	GNU General Public License	Free
ngrep	Jordan Ritter	September 7, 2017 / 1.47	CLI	BSD-style	Free
Observer	Viavi Solutions (formerly Network Instruments)		GUI	Proprietary	Price on request
OmniPeek (formerly AiroPeek, EtherPeek)	LiveAction (formerly Savvius, WildPackets)	November 2017 / 11.1	GUI	Proprietary	$1194–$5994, depending on version^[10]
Sniffer	Netscout (formerly Network General)	2013^[11]	GUI	Proprietary	Non-free
SteelCentral Transaction Analyzer	OPNET Technologies/Riverbed Technology	June 9, 2014 / 17.0.T-PL1^[12]	GUI	Proprietary	Non-free
snoop	Sun Microsystems	December 11, 2006 / Solaris 10	CLI	CDDL	Free
tcpdump	The Tcpdump team	April 7, 2023 / 4.99.4^[13]	CLI	BSD License	Free
Wireshark (formerly Ethereal)	The Wireshark team	November 22, 2021 / 4.0.6^[14]	Both	GNU General Public License	Free
Xplico	The Xplico team	May 2, 2019 / 1.2.2^[15]	Both	GNU General Public License	Free

Operating system support

The utilities can run on these operating systems.

Client	Microsoft Windows	macOS	Linux	BSDs	Solaris	Other
Cain and Abel	Yes	No	No	No	No	No
Capsa Free Edition	Yes	No	No	No	No	No
Carnivore	Yes	No	No	No	No	No
Charles Web Debugging Proxy	Yes	Yes	Yes	?	?	?
CommView	Yes	No	No	No	No	No
dSniff	?	Yes	Yes	Yes	Yes	?
EtherApe	No	Yes	Yes	Yes	Yes	?
Ettercap	Yes	Yes	Yes	Yes	Yes	?
justniffer	No	Yes	Yes	Yes	Yes	?
Kismet	Yes	Yes	Yes	Yes	?	?
Lanmeter	No	No	No	No	No	Fluke proprietary hardware
netsniff-ng	No	No	Yes	No	No	No
ngrep	Yes	Yes	Yes	Yes	Yes	AIX, BeOS, HP-UX, IRIX, Tru64 UNIX
Microsoft Network Monitor	Yes	No	No	No	No	No
OmniPeek (formerly AiroPeek, EtherPeek)	Yes	No	No	No	No	No
snoop	No	No	No	No	Yes	No
tcpdump	Yes (WinDump)	Yes	Yes	Yes	Yes	AIX, HP-UX, IRIX, Tru64 UNIX
Wireshark (formerly Ethereal)	Yes	Yes	Yes	Yes	Yes	AIX, HP-UX, IRIX, Tru64 UNIX
Xplico	No	No	Yes	No	No	No

Related Research Articles

In computing, traceroute and tracert are diagnostic command-line interface commands for displaying possible routes (paths) and transit delays of packets across an Internet Protocol (IP) network.

SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirroring of downloads for load balancing, a wiki for documentation, developer and user mailing lists, user-support forums, user-written reviews and ratings, a news bulletin, micro-blog for publishing project updates, and other features.

A packet analyzer is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

In computer networking, promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.

Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and macOS. The client can also run on Microsoft Windows, although, aside from external drones, there's only one supported wireless hardware available as packet source.

dSniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data. arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker. sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

<span class="mw-page-title-main">Ettercap (software)</span> Network traffic analysis and interception software

Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its original developers later founded Hacking Team.

In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

Capsa is the name for a family of packet analyzers developed by Colasoft for network administrators to monitor, troubleshoot and analyze wired & wireless networks. The company provides a free edition for individuals, but paid licenses are available for businesses and enterprises. The software includes Ethernet packet analysis, diagnostics and a security monitoring system.

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

Robocopy is a command-line file transfer utility for Microsoft Windows. Robocopy is functionally more comprehensive than the COPY command and XCOPY, but replaces neither. Created by Kevin Allen and first released as part of the Windows NT 4.0 Resource Kit, it has been a standard feature of Windows since Windows Vista and Windows Server 2008.

Omnipeek is a packet analyzer software tool from Savvius, a LiveAction company, for network troubleshooting and protocol analysis. It supports an application programming interface (API) for plugins.

Microsoft Network Monitor (Netmon) is a deprecated packet analyzer. It enables capturing, viewing, and analyzing network data and deciphering network protocols. It can be used to troubleshoot network problems and applications on the network. Microsoft Network Monitor 1.0 was originally designed and developed by Raymond Patch, a transport protocol and network adapter device driver engineer on the Microsoft LAN Manager development team.

<span class="mw-page-title-main">EtherApe</span> Network traffic monitoring tool

EtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License.

ngrep is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.

Justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' or in a customized way. It can also log response times, useful for tracking network services performances . The output format of the traffic can be easily customized. An example written in Python stores the transferred contents in an output directory separated by domains. This means that the transferred files like html, css, javascript, images, sounds, etc. can be saved to a directory.

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets, so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg . libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.

Xplico is a network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.

The Sniffer was a computer network packet and protocol analyzer developed and first sold in 1986 by Network General Corporation of Mountain View, CA. By 1994 the Sniffer had become the market leader in high-end protocol analyzers. According to SEC 10-K filings and corporate annual reports, between 1986 and March 1997 about $933M worth of Sniffers and related products and services had been sold as tools for network managers and developers.

References

↑ "Colasoft Announces Release of Capsa Network Analyzer v11.1 with Enhanced Usability" (Press release). April 25, 2018.
↑ "Capsa Enterprise Edition & Standard Edition & Free Edition – Colasoft". Archived from the original on January 20, 2013.
↑ "CHANGES". monkey.org.
↑ "EtherApe, a graphical network monitor". etherape.sourceforge.net. Retrieved March 22, 2020.
↑ "Releases · Ettercap". ettercap-project.org. Retrieved March 22, 2020.
↑ "Fiddler Release History". Telerik. October 3, 2019.
↑ "justniffer - Browse Files at SourceForge.net". SourceForge . Retrieved September 8, 2022.
↑ "Kismet". kismetwireless.net. Retrieved May 28, 2020.
↑ "Download Microsoft Message Analyzer from Official Microsoft Download Center". Microsoft . Archived from the original on August 3, 2019.
↑ "store.savvius.com". Archived from the original on August 13, 2016. Retrieved June 3, 2016.
↑ Netscout (2013). 2013 Netscout Sniffer Portable.
↑ "SteelCentral Transaction Analyzer".
↑ "Tcpdump/Libpcap public repository". tcpdump.org. Retrieved June 12, 2023.
↑ "Wireshark 4.0.6 Released". May 24, 2023. Retrieved June 12, 2023.
↑ "Xplico – Xplico 1.2.2".

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Colasoft Announces Release of Capsa Network Analyzer v11.1 with Enhanced Usability" (Press release). April 25, 2018.

[2] "Capsa Enterprise Edition & Standard Edition & Free Edition – Colasoft". Archived from the original on January 20, 2013.

[3] "CHANGES". monkey.org.

[4] "EtherApe, a graphical network monitor". etherape.sourceforge.net. Retrieved March 22, 2020.

[5] "Releases · Ettercap". ettercap-project.org. Retrieved March 22, 2020.

[Fiddler_Release_History-6] "Fiddler Release History". Telerik. October 3, 2019.

[7] "justniffer - Browse Files at SourceForge.net". SourceForge . Retrieved September 8, 2022.

[8] "Kismet". kismetwireless.net. Retrieved May 28, 2020.

[9] "Download Microsoft Message Analyzer from Official Microsoft Download Center". Microsoft . Archived from the original on August 3, 2019.

[10] "store.savvius.com". Archived from the original on August 13, 2016. Retrieved June 3, 2016.

[11] Netscout (2013). 2013 Netscout Sniffer Portable.

[12] "SteelCentral Transaction Analyzer".

[13] "Tcpdump/Libpcap public repository". tcpdump.org. Retrieved June 12, 2023.

[14] "Wireshark 4.0.6 Released". May 24, 2023. Retrieved June 12, 2023.

[15] "Xplico – Xplico 1.2.2".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

Comparison of packet analyzers

Contents

General information

Operating system support

Related Research Articles

References