
I use wireshark and microsoft network monitor extensively, but I'm curious if there are other good (hopefully free / open source) software packages for analyzing TCP/IP traffic?

I'm especially interested in forensic uses and analysis of network issues.

John Weldon

3 Answers

I think Wireshark is pretty much the open/free standard. Is there something you're looking for that it doesn't do?

mfinni

@mfinni thanks! Yes, Windows Network Monitor has an expert 'TCP Analyzer' or something that identifies network issues... that's the kind of thing I'm interested in. – John Weldon Feb 12 '10 at 04:47

Basically this boils down to a question: what OSI level are you interested in? If you want to know exactly what was transmitted, you cannot avoid Wireshark, tcpdump or the like. But if you are interested in learning the patterns that appear in your network, you have to analyze netflows; packet capture is simply overkill.

And for netflows there are many tools:

http://nsmwiki.org/index.php?title=Argus

http://www.networkuptime.com/tools/netflow/

http://www.mindrot.org/projects/

http://code.google.com/p/flow-tools/

http://www.ntop.org/nProbe.html

monomyth

Ditto on Wireshark. If you're looking for a command line tool, you might consider running the raw network trace through tcpdump. Although Wireshark has better protocol dissectors, tcpdump combined with some command line magic can be useful in certain situations.

J. M. Becker

SteveM
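As an added example (not code from any of the answers above), here is the kind of command line post-processing the last answer alludes to, run over a constructed `tcpdump -n` text trace embedded in the script so it needs no real capture: one awk pass flags repeated TCP sequence ranges, a crude stand-in for the retransmission check an "expert" analyzer like the one in the comment performs, and another ranks directions by payload bytes for quick forensic triage.

```shell
#!/bin/sh
# Added example, not from the original answers. Both functions read the text
# that "tcpdump -n" prints on stdin. SAMPLE is a constructed trace: a handshake,
# a 100-byte data segment that is sent twice (a retransmission) and the ACK.
SAMPLE='04:47:01.000100 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [S], seq 1000, win 64240, length 0
04:47:01.000300 IP 10.0.0.9.80 > 10.0.0.5.51234: Flags [S.], seq 5000, ack 1001, win 65535, length 0
04:47:01.000400 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [.], ack 1, win 502, length 0
04:47:01.001000 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
04:47:01.201000 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
04:47:01.202000 IP 10.0.0.9.80 > 10.0.0.5.51234: Flags [.], ack 101, win 510, length 0'

# Flag data segments whose "seq a:b" range is seen more than once in the same
# direction: a crude retransmission detector. It relies on tcpdump printing
# relative sequence numbers once it has seen the handshake; SYN lines carry a
# bare "seq N," and are skipped by the regex.
tcp_retransmits() {
  awk 'match($0, /seq [0-9]+:[0-9]+/) {
         rng = substr($0, RSTART, RLENGTH)
         dst = $5; sub(/:$/, "", dst)        # strip the trailing colon
         n[$3 " > " dst " " rng]++
       }
       END { for (k in n) if (n[k] > 1) print k " x" n[k] }' | sort
}

# Sum payload bytes per direction (the trailing "length N" field) so the
# busiest flows come first: a quick top-talkers view.
flow_bytes() {
  awk '$2 == "IP" && $(NF-1) == "length" {
         dst = $5; sub(/:$/, "", dst)
         b[$3 " > " dst] += $NF
       }
       END { for (k in b) print b[k], k }' | sort -rn
}

# With a saved capture this would be: tcpdump -n -r capture.pcap tcp | tcp_retransmits
printf '%s\n' "$SAMPLE" | tcp_retransmits   # 10.0.0.5.51234 > 10.0.0.9.80 seq 1:101 x2
printf '%s\n' "$SAMPLE" | flow_bytes        # 200 10.0.0.5.51234 > 10.0.0.9.80 (first line)
```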