
Network protocol analysis software

2025-03-26 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Wireshark

Formerly known as Ethereal, Wireshark was originally a free packet capture and analysis tool for the Linux platform. It was renamed Wireshark in 2006, and a version that runs on Windows has since been released.

The latest version available is V1.0.2 (released in 2008), which recognizes protocols such as RTP, IM, 802.11 and IPv6, covering applications such as Microsoft MSN, Tencent QQ and streaming media. Currently, Wireshark has no packet playback or traffic generation (traffic generator) capability.

In terms of use, Wireshark's filter (Filter) settings are not very convenient. The setting conditions of the statistics function are very detailed, but the results displayed by the expert function (Expert) are not easy to understand.

After packets are captured, they are stored in a .pcap file by default, but Wireshark can also open data files with suffixes such as .cap and .pkt.

Because Wireshark is free and open source software, it can be recompiled and further developed, for example with plug-ins such as the one for the P2P protocol Pastry.

http://wiki.wireshark.org/

Sniffer

Sniffer originally belonged to NAI and was developed up to version V4.7.5. After being separated from NAI in 2004, it belongs to Network General.

Two versions of the Sniffer Portable product are currently available: V4.8 (released in 2005) and V4.9 (released in 2007). Compared with V4.7.5, V4.8 adds analysis of RTP, 802.11, SNMP v3 and IPv6, and the software interface is basically unchanged; V4.9 enhances the analysis of application protocols, such as common database applications and SAP applications.

Sniffer has packet playback or traffic generation (traffic generator) capabilities.

After packets are captured, they are stored in a .cap file by default.

In terms of installation and use, V4.8 installs successfully on Vista and runs normally. When V4.9 is installed on Vista, however, the installer reports that the operating system version is not supported and aborts the installation. V4.9 also supports fewer types of network cards.

http://www.sniffer.net.cn/support/

Omnipeek

Omnipeek is a WildPackets product. Omnipeek Personal version V4.1 (released in 2007) and Omnipeek Enterprise version V5.1 (released in 2007) are currently available, both supporting IM, RTP, 802.11, IPv6 and other protocols as well as SQL analysis.

Omnipeek supports simple packet playback and custom playback.

After packets are captured, they are stored in a .pkt file by default.

http://www.wildpackets.com/products/omnipeek_network_analyzer

Other tools

Some manufacturers engaged in the research and development of network management and test equipment have also developed protocol analysis tools under their own brands, such as:

(1) Fluke Optiview Protocol Expert (OPE)

The latest available software version is V9.0 (released in 2007), which supports IM, IPv6 and other protocols.

By comparison, it mainly adds graphical display, and functionally it adds the display of response time, throughput and other information. In addition, the policy template for the filter (Filter) can be customized.

(2) Agilent Network Analyzer (NA)

The latest available software version is V5.50 (released in 2006), with an interface and functionality similar to those of Sniffer. The system supports RTP, IPv6 and other protocols and the parsing of common database session processes, but its analysis of IM protocols is not good; it also supports simple playback of data packets.

The Agilent Network Analyzer protocol analysis tool is integrated by default in the Agilent J2300E network comprehensive analyzer, but the software can also be installed and used independently on a computer, where its interface and mode of operation are exactly the same as on the J2300E.

(3) Kelai Network Analysis system

This is domestic software; the latest available software version is Technical Exchange version V6.8 (released in 2008). The operating interface is entirely in Chinese, and it supports RTP, IM, BT, IPv6 and other protocols as well as the parsing of MSSQL database session processes.

The main functions are similar to those of Sniffer, and the policy template of the filter (Filter) can be customized. In addition, the system has a built-in MAC address scanner, packet player, packet generator and ping tool. For event diagnosis in particular, a number of network event libraries are built in, organized by link layer, network layer, transport layer and application layer.

Zeng Yunhui, via Shandong Software Evaluation Center

Add:

Wireshark is a viewing tool, not an alarm tool. It only has a detection function and cannot match rules and then issue a warning, unless secondary development is done.

(This is what I saw on the forum.) A few impressions from my own use: Wireshark can parse a lot of protocols, especially many open source protocols at the application layer; filtering packets is much slower than in Sniffer; its interface presentation is not as good as Omnipeek's; but I still use Wireshark to capture packets and analyze them, and I find it easy to use. For those who want to learn protocols, Wireshark can be used as a learning tool, and it is open source and free, but there seems to have been a problem with the official website www.wireshark.org in recent days. I think the best information is Wireshark's own help, which is very detailed and contains a lot of notes.

In addition, Microsoft also has packet analysis software, but its name is not known; everyone can go and find it, ha.
