boomer

Does anyone know of a decent "network sniffer"?

Preferably a software application, although a hardware "all in one" device might be an option.

I am after something that can display packets broken down into their individual sections for training and explanation type purposes. e.g. Here is the "real live" sequence of events when your PC requests an IP address using DHCP. Oh, and it has to be "promiscuous", and not just traffic to the PC that it is running on

I have tried downloading a couple of trail packages, one of which just didn't work, and one (Ultra Network Sniffer) which seems quite good, but doesn't break the packets down into enough known bits.

ISTR that Microshaft SMS can offer similar functionality, but probably costs a bomb!

I don't mind paying for such a package, but i do want one that does a good job!

Cheers,

mb

*Sonic*

Network Associates Sniffer Pro, is pretty good

Nicks VR4

Yeap as above NAI Sniffer
I did a 3 day course at NAI (I worked for them) for Sniffer Distributed I;m not IT either
And boy what a eye opener

stiler83

Sniffer Pro is the only one really worth using. I use this work and have tried most of the others and this would be my choice. But its not cheap mind.

*Sonic*

The only other one is Iris by eeye

elgordano

Compuware Network Vantange and Application Vantage is the all singing all dancing package. It will cost you in excess of 40k though.

Tebo

I dont know what you are expecting to find, but if you are working at this level then I will assume you have access to Linux somewhere, there is a package that comes with most ditro's called 'ethereal' but they also do a copy for windows now I beleive.

try here
http://www.ethereal.com/

Tebo
http://www.tebo.dsl.pipex.com

boomer

Well it looks like Sniffer Pro is the daddy, but as stiler83 says - "its not cheap mind"

Tebo,

yes we do have access to Linux, so i'll have a look at Ethereal as well!

Cheers,

mb

R1916v

Ethereal does have a windows version, it works well

dsmith

If you're going to be using it a lot then given a free hand I'd go for Sniffer Pro.

For normal use Ethereal is more than enough. Works well on Windows aswell. GUI can be a little unfriendly - some of the packet capture filters use unix tcpdump command line format etc. - but persevere and it worth the effort.

NTOP is also useful if you're more interested in top talkers or the like - also now has a windows version.

Deano

boomer

Well i have just installed Ethereal (on Windows 2000) and i am very impressed.

I has a clean, easy to use interface, and most importantly i neatly breaks down packets into their component parts. For example, a DHCP Offer packet displays all the contained information, including Options and so on. We can even seen the setting up of PXE boots and the creation of multicast groups - fantastic!

Absolutely perfect to help explain to people how real life networks work

Thanks for the suggestions,

cheers,

mb