Comparison of packet analyzers

Last updated

The following tables compare general and technical information for several packet analyzer software utilities, also known as network analyzers or packet sniffers. Please see the individual products' articles for further information.

Contents

General information

Basic general information about the software—creator/company, license/price, etc.

CreatorLatest releaseUser interface Software license Cost
Allegro Network MultimeterAllegro PacketsJuly 20, 2023 / v4.0.4web GUI Proprietary Non-free, price on request, depending on device and extensions
Cain and Abel Massimiliano MontoroApril 7, 2014 / 4.9.56GUIFreewareFree
Capsa Colasoft April 24, 2018 / 11.1 [1] GUI Proprietary $0–$995, depending on version [2]
Carnivore Federal Bureau of Investigation  ? ?N/A ?
Charles Web Debugging Proxy Karl van RandowJuly 10, 2017 / 4.1.4GUI ?$30–$50 (Free Trial)
Clarified Analyzer Clarified Networks GUI Proprietary Non-free
Clusterpoint Network Traffic Surveillance System Clusterpoint web GUI Proprietary  ?
CommView TamoSoft November 30, 2017 / 6.5 Build 770GUI Proprietary $299–$599, $149 1 year subscription
dSniff Dug SongDecember 17, 2000 / 2.3 [3] CLI BSD License Free
EtherApe Juan ToledoJune 3, 2018 / 0.9.18 [4] GUI GNU General Public License Free
Ettercap ALoR and NaGAAugust 1, 2020 / 0.8.3.1-Bertillon [5] Both GNU General Public License Free
Fiddler Eric Lawrence / Telerik October 3, 2019 / 5.0.20194 [6] GUIFreewareFree
justniffer The Justniffer teamMarch 21, 2016 / 0.5.15 [7] CLI GNU General Public License Free
Kismet Mike Kershaw (dragorn)May 2, 2020 / 2020-04-R3 [8] CLI GNU General Public License Free
Microsoft Message Analyzer Microsoft October 28, 2016 / 1.4 [9] GUI Proprietary Free
Microsoft Network Monitor Microsoft June 24, 2010 / 3.4GUI Proprietary Free
netsniff-ng Daniel BorkmannNovember 7, 2016 / 0.6.2 CLI GNU General Public License Free
ngrep Jordan RitterSeptember 7, 2017 / 1.47 CLI BSD-styleFree
Observer Viavi Solutions (formerly Network Instruments)GUI Proprietary Price on request
OmniPeek (formerly AiroPeek, EtherPeek)LiveAction (formerly Savvius, WildPackets)November 2017 / 11.1GUI Proprietary $1194–$5994, depending on version [10]
Sniffer Netscout (formerly Network General)2013 [11] GUIProprietaryNon-free
SteelCentral Transaction Analyzer OPNET Technologies/Riverbed Technology June 9, 2014 / 17.0.T-PL1 [12] GUI Proprietary Non-free
snoop Sun Microsystems December 11, 2006 / Solaris 10 CLI CDDL Free
tcpdump The Tcpdump teamApril 7, 2023 / 4.99.4 [13] CLI BSD License Free
Wireshark (formerly Ethereal)The Wireshark teamNovember 22, 2021 / 4.0.6 [14] Both GNU General Public License Free
Xplico The Xplico teamMay 2, 2019 / 1.2.2 [15] Both GNU General Public License Free

Operating system support

The utilities can run on these operating systems.

Client Microsoft Windows macOS Linux BSDs Solaris Other
Cain and Abel YesNoNoNoNoNo
Capsa Free EditionYesNoNoNoNoNo
Carnivore YesNoNoNoNoNo
Charles Web Debugging Proxy YesYesYes ? ? ?
CommView YesNoNoNoNoNo
dSniff  ?YesYesYesYes ?
EtherApe NoYesYesYesYes ?
Ettercap YesYesYesYesYes ?
justniffer NoYesYesYesYes ?
Kismet YesYesYesYes ? ?
Lanmeter NoNoNoNoNo Fluke proprietary hardware
netsniff-ng NoNoYesNoNoNo
ngrep YesYesYesYesYes AIX, BeOS, HP-UX, IRIX, Tru64 UNIX
Microsoft Network Monitor YesNoNoNoNoNo
OmniPeek (formerly AiroPeek, EtherPeek)YesNoNoNoNoNo
snoop NoNoNoNoYesNo
tcpdump Yes (WinDump)YesYesYesYes AIX, HP-UX, IRIX, Tru64 UNIX
Wireshark (formerly Ethereal)YesYesYesYesYes AIX, HP-UX, IRIX, Tru64 UNIX
Xplico NoNoYesNoNoNo

Related Research Articles

In computing, traceroute and tracert are diagnostic command-line interface commands for displaying possible routes (paths) and transit delays of packets across an Internet Protocol (IP) network.

SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirroring of downloads for load balancing, a wiki for documentation, developer and user mailing lists, user-support forums, user-written reviews and ratings, a news bulletin, micro-blog for publishing project updates, and other features.

<span class="mw-page-title-main">Packet analyzer</span> Computer network equipment or software that analyzes network traffic

A packet analyzer is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

tcpdump Data-network packet analyzer

tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

In computer networking, promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.

<span class="mw-page-title-main">Kismet (software)</span> Network detector, packet sniffer, and intrusion detection system

Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and macOS. The client can also run on Microsoft Windows, although, aside from external drones, there's only one supported wireless hardware available as packet source.

dSniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data. arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker. sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

<span class="mw-page-title-main">Ettercap (software)</span> Network traffic analysis and interception software

Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its original developers later founded Hacking Team.

In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

Capsa is the name for a family of packet analyzers developed by Colasoft for network administrators to monitor, troubleshoot and analyze wired & wireless networks. The company provides a free edition for individuals, but paid licenses are available for businesses and enterprises. The software includes Ethernet packet analysis, diagnostics and a security monitoring system.

<span class="mw-page-title-main">Wireshark</span> Network traffic analyzer

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

Robocopy is a command-line file transfer utility for Microsoft Windows. Robocopy is functionally more comprehensive than the COPY command and XCOPY, but replaces neither. Created by Kevin Allen and first released as part of the Windows NT 4.0 Resource Kit, it has been a standard feature of Windows since Windows Vista and Windows Server 2008.

Omnipeek is a packet analyzer software tool from Savvius, a LiveAction company, for network troubleshooting and protocol analysis. It supports an application programming interface (API) for plugins.

Microsoft Network Monitor (Netmon) is a deprecated packet analyzer. It enables capturing, viewing, and analyzing network data and deciphering network protocols. It can be used to troubleshoot network problems and applications on the network. Microsoft Network Monitor 1.0 was originally designed and developed by Raymond Patch, a transport protocol and network adapter device driver engineer on the Microsoft LAN Manager development team.

<span class="mw-page-title-main">EtherApe</span> Network traffic monitoring tool

EtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License.

ngrep Packet analyser

ngrep is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.

Justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' or in a customized way. It can also log response times, useful for tracking network services performances . The output format of the traffic can be easily customized. An example written in Python stores the transferred contents in an output directory separated by domains. This means that the transferred files like html, css, javascript, images, sounds, etc. can be saved to a directory.

netsniff-ng Linux networking toolkit

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets, so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg . libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.

Xplico is a network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.

<span class="mw-page-title-main">Sniffer (protocol analyzer)</span> Network packet and protocol analyzer

The Sniffer was a computer network packet and protocol analyzer developed and first sold in 1986 by Network General Corporation of Mountain View, CA. By 1994 the Sniffer had become the market leader in high-end protocol analyzers. According to SEC 10-K filings and corporate annual reports, between 1986 and March 1997 about $933M worth of Sniffers and related products and services had been sold as tools for network managers and developers.

References

  1. "Colasoft Announces Release of Capsa Network Analyzer v11.1 with Enhanced Usability" (Press release). April 25, 2018.
  2. "Capsa Enterprise Edition & Standard Edition & Free Edition – Colasoft". Archived from the original on January 20, 2013.
  3. "CHANGES". monkey.org.
  4. "EtherApe, a graphical network monitor". etherape.sourceforge.net. Retrieved March 22, 2020.
  5. "Releases · Ettercap". ettercap-project.org. Retrieved March 22, 2020.
  6. "Fiddler Release History". Telerik. October 3, 2019.
  7. "justniffer - Browse Files at SourceForge.net". SourceForge . Retrieved September 8, 2022.
  8. "Kismet". kismetwireless.net. Retrieved May 28, 2020.
  9. "Download Microsoft Message Analyzer from Official Microsoft Download Center". Microsoft . Archived from the original on August 3, 2019.
  10. "store.savvius.com". Archived from the original on August 13, 2016. Retrieved June 3, 2016.
  11. Netscout (2013). 2013 Netscout Sniffer Portable.
  12. "SteelCentral Transaction Analyzer".
  13. "Tcpdump/Libpcap public repository". tcpdump.org. Retrieved June 12, 2023.
  14. "Wireshark 4.0.6 Released". May 24, 2023. Retrieved June 12, 2023.
  15. "Xplico – Xplico 1.2.2".