A network analysis tool or network analyzer (also known as a protocol analyzer or packet sniffer) is a computer program, or sometimes a hardware device, that intercepts network traffic passing over a cable, through a host or across an entire network. Besides intercepting data on wired networks, some network analysis tools can also capture data on wireless (Wi-Fi) networks.
The network analysis tool captures each packet as data traverses the network, decodes the packet’s raw data according to the relevant RFC (or industry specification) and shows the meaning of each field. Some network analysis tools provide more detailed data, such as statistics on IP nodes and TCP statistics, and some present those statistics as graphs or charts.
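To make the decoding step concrete, here is an added example (not code from any of the tools listed below) that decodes the Ethernet II, IPv4 and TCP header fields of a raw frame and derives a simple per-node statistic. The function names, the documentation-range addresses and the sample frame are constructed for illustration.

```python
import struct
from collections import Counter

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II, IPv4 (RFC 791) and TCP (RFC 9293) header fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded further
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4       # header length is counted in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(ip_src=".".join(map(str, s)), ip_dst=".".join(map(str, d)),
               ttl=ttl, proto=proto, ip_len=total_len)
    if proto != 6:                   # 6 = TCP
        return out
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    out.update(sport=sport, dport=dport, seq=seq,
               flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    return out

def bytes_per_source(frames) -> dict:
    """Per-node statistic: total IPv4 bytes sent by each source address."""
    totals = Counter()
    for frame in frames:
        fields = decode_frame(frame)
        if "ip_src" in fields:
            totals[fields["ip_src"]] += fields["ip_len"]
    return dict(totals)

def sample_frame(src_ip, dst_ip, sport, dport, flags) -> bytes:
    """Constructed test frame (checksums left at 0; the decoder does not verify them)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, bytes(src_ip), bytes(dst_ip))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 65535, 0, 0)
    return eth + ip + tcp
```

The length checks matter in practice: captures often contain truncated or non-IPv4 frames, and a decoder that assumes a full header will misread the bytes that follow.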
Free Network Analysis Tools
Capsa Free – Capsa Free is a must-have freeware network analyzer for Ethernet monitoring, troubleshooting and analysis. It gives users hands-on experience in monitoring network activity, pinpointing network problems and enhancing network security. Moreover, Capsa Free is a perfect choice for students, teachers and computer geeks who want to learn protocols and networking technology.
Wireshark – (formerly Ethereal) has established itself as the de-facto packet analyzer. It can capture packets of standard Ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl.
Compass – is a powerful, easy-to-use network monitoring tool for both wired and wireless networks. WildPackets Compass provides an interactive forensics dashboard of key network statistics, which can be graphed, dynamically interacted with, and reported on. With its unique ability to aggregate traffic from multiple wireless channels and wired segments, Compass provides network engineers with more visibility and insight into their networks.
Network Monitor – Network Monitor 3.4 is a protocol analyzer. It allows you to capture network traffic, view and analyze it.
Ettercap – goes beyond packet capture, allowing investigation and simulation of low-level network attacks such as ARP cache poisoning and DHCP hijacking. It can also be extended with external scripts. A powerful tool in the right hands; use it carefully on your live network.
Nmap – will scan an individual IP address. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. Also requires WinPcap.
Do you use any network analysis tools? If you have more suggestions, please post your recommendations in the comments.