 |
| Developer(s) | Savvius |
|---|---|
| Stable release | |
| Operating system | Windows |
| Type | Packet analyzer |
| Website | https://www.liveaction.com/ |
Omnipeek is a packet analyzer software tool from Savvius, a LiveAction company, [3] for network troubleshooting and protocol analysis. It supports an application programming interface (API) for plugins.
Savvius (formerly WildPackets) was founded in 1990 as The AG Group by Mahboud Zabetian and Tim McCreery. In 2000 the company changed its name to WildPackets to address the popular market it had developed for its products. The first product by the company was written for the Macintosh and was called EtherPeek. It was the first affordable software-only protocol analyzer for Ethernet networks. It was later ported to Microsoft Windows, which was released in 1997. Earlier, LocalPeek and TokenPeek were developed for LocalTalk and Token Ring networks respectively. In 2001, AiroPeek was released, which added support for wireless IEEE 802.11 (marketed with the Wi-Fi brand) networks. In 2003, the OmniEngine Distributed Capture Engine was released as software, and as a hardware network recorder appliance.
In the early morning of July 15, 2002, WildPackets' building in Walnut Creek, California burnt to the ground including everything in it. However, no one was hurt and the employees regrouped at a new location and the company survived the fire. [4]
Mid-April 2015, the company changed its name from WildPackets to Savvius and broadened its focus to include network security. [5]
In June 2018, Savvius was acquired by LiveAction, [6] a company that provides network performance management, visualization and analytics software.
Savvius acquired Net3 Group in November 2000. Their product, NetSense, an expert system for network troubleshooting, was converted initially converted into a plug-in and then later fully integrated into a new version of the product called EtherPeekNX. [7]
Savvius acquired Optimized Engineering Corporation in 2001. Optimized network analysis instructors, training courses and certifications were added to Savvius' services. [8]
Omnipeek has APIs on the front-end for automation, on the back-end for analysis, as well as other mechanisms to extend and enhance the program. [9] BODY.SAYED
There are 40 plug-ins available for the Omnipeek Platform. These plug-ins range from logging extensions to full-blown applications that are hosted by OmniPeek.
Remote Adapters: provide a means to capture packets and stats. There are remote adapters to capture from RMON, NetFlow, SFlow, Cisco AP's, Aruba AP's, and Linux boxes. Adapters are available to aggregate packets from multiple network segments and wireless channels at the same time.
The most notable decoders are the protospecs and decoder files, which are interpreted text files that can be extended by the user to enhance the display and analysis of existing protocols, and add knowledge of completely new protocols, without releasing new versions of the application. [10]
The plugin Wizards for the Omnipeek Console and the OmniEngine are Microsoft Visual Studio Project Templates that generate working plug-ins. When the wizard is run, a dialog appears providing options for types of functionality that sample code will be generated for. When the wizard is complete, the user is left with a working plugin with entry points for adding application logic. These plug-in wizards enable the development of extensions to Omnipeek.
The MyPeek Community Portal is a website dedicated to the extension of Omnipeek. It provides plug-ins, scripts, adapters, tools, and various levels of support for the plug-ins posted there, and expertise for those interested in extending Omnipeek themselves. [11]
PlaceMap: is a freely available standalone Google Maps Packet sniffer application for Windows that captures network traffic and maps nodes to the Google Map. PlaceMap is a notable example of extensibility in that it uses exactly the same Google Map plugin that is also available for the Omnipeek, and it uses the peek driver API to capture packets. [12]
In computing, a plug-in is a software component that adds a specific feature to an existing computer program. When a program supports plug-ins, it enables customization.
A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
In computer networking, promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.
dSniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data. arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker. sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its original developers later founded Hacking Team.
In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.
Monitor mode, or RFMON mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the eight modes that 802.11 wireless adapter can operate in: Master, Managed, Ad hoc, Repeater, Mesh, Wi-Fi Direct, TDLS and Monitor mode.
SQLFilter is a plugin for OmniPeek that indexes packets and trace files into an SQLite database. The packets can then be searched using SQL queries. The matching packets are loaded directly into OmniPeek and analyzed. The packet database can also be used to build multi-tier data mining and network forensics systems.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
The Netscape Server Application Programming Interface (NSAPI) is an application programming interface for extending server software, typically web server software.
The following tables compare general and technical information for several packet analyzer software utilities, also known as network analyzers or packet sniffers. Please see the individual products' articles for further information.
EtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License.
ngrep is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.
Justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' or in a customized way. It can also log response times, useful for tracking network services performances . The output format of the traffic can be easily customized. An example written in Python stores the transferred contents in an output directory separated by domains. This means that the transferred files like html, css, javascript, images, sounds, etc. can be saved to a directory.
netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets, so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg . libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.
CommView is an application for network monitoring, packet analysis, and decoding. There are two editions of CommView: the standard edition for Ethernet networks and the wireless edition for 802.11 networks named CommView for WiFi. The application runs on Microsoft Windows. It is developed by TamoSoft, a privately held New Zealand company founded in 1998.
Xplico is a network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.
SoftEther VPN is free open-source, cross-platform, multi-protocol VPN client and VPN server software, developed as part of Daiyuu Nobori's master's thesis research at the University of Tsukuba. VPN protocols such as SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol are provided in a single VPN server. It was released using the GPLv2 license on January 4, 2014. The license was switched to Apache License 2.0 on January 21, 2019.
The Sniffer was a computer network packet and protocol analyzer developed and first sold in 1986 by Network General Corporation of Mountain View, CA. By 1994 the Sniffer had become the market leader in high-end protocol analyzers. According to SEC 10-K filings and corporate annual reports, between 1986 and March 1997 about $933M worth of Sniffers and related products and services had been sold as tools for network managers and developers.