Ethical Hacking - Sniffing Tools and Top Packet Sniffing/Analysis Software
If you have been an IT administrator for any length of time, you know that one of the most frustrating and time-consuming tasks is troubleshooting network problems. In any company, big or small, network resiliency matters, especially where daily work depends on internet and network connections.
That is why, when the network fails, it is the administrator's job to find and fix the problem as quickly as possible. Every minute of outage costs the company money.
Anyone who has worked in IT knows that traditional troubleshooting is often hit or miss. Sometimes you think you have fixed the problem, only to cause a bigger outage because you misconfigured a server or a network link.
Packet sniffers take the guesswork out of this. A sniffer captures the frames passing a network interface, decodes them and shows what is actually on the wire: sources, destinations, protocols and payloads.
The same tools are used to monitor traffic to and from servers, routers, switches and other network hardware. Seeing the real traffic, rather than guessing from symptoms, lets an administrator pin down and fix network errors in far less time.
Here are the top packet sniffing/analysis software and tools:
- SolarWinds Packet Analysis Bundle
- Wireshark
- PRTG Network Monitor
- Tcpdump
- Steel Central Packet Analyzer
- NetworkMiner
- Kismet
- Fiddler
- EtherApe
- Packet Capture
1. SolarWinds Packet Analysis Bundle
SolarWinds offers many kinds of IT management tools, including the Deep Packet Inspection and Analysis tool that is part of the Bandwidth Analyzer Pack. It extracts the packet details that matter for troubleshooting.
It inspects packet contents to work out which applications generate the most traffic on the network and which connections take the longest to complete, which is how you diagnose the bottlenecks behind slow internet or network connectivity.
The Bandwidth Analyzer Pack contains two very useful applications for network administration: Network Performance Monitor and NetFlow Traffic Analyzer. Network Performance Monitor runs an informative dashboard that helps you track network availability and response time.
It can also flag minor network performance issues before they grow. NetFlow Traffic Analyzer identifies the users and the specific applications that consume the most bandwidth on the network. It analyzes flow data such as Cisco® NetFlow™, IPFIX, sFlow®, Huawei NetStream™ and Juniper® J-Flow.
SolarWinds is a solid choice for network management, monitoring and deep packet analysis, with a broader product range than most vendors in the field; it also offers flow and traffic generation tools that help you set up and test your monitoring.
2. Wireshark
Wireshark is the most widely used network protocol analyzer. It captures live traffic, or opens a saved capture file, and decodes every field of every packet for hundreds of protocols. Wireshark is free and open source, and its capture filters, display filters, coloring rules and built-in statistics make it straightforward to isolate the traffic you care about.
Wireshark offers a lot of features, including:
- Live capture and offline analysis.
- Standard three-pane packet browser
- Rich VoIP analysis
- Read/write many different file formats
- Capture files compressed with gzip can be opened on the fly
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2, provided you supply the keys (for TLS that means a key log file exported by the client, or, for RSA key exchange only, the server's private key; without keys only the handshake metadata is visible)
- Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
3. PRTG Network Monitor
PRTG is a professional network monitoring suite with packet sniffing capabilities: it gives a graphical overview of your network and lets you monitor data packets, filtered by IP address, protocol and type of data. It runs on Windows and collects data through SNMP, flow protocols such as NetFlow, WMI, REST APIs and its own packet sniffing sensors.
One of PRTG's main features is the dashboard, which shows in a quick and easy layout which applications use the most bandwidth and how much traffic each one causes. PRTG is often compared with other network monitoring solutions and its feature set compares favourably with many open source alternatives.
Another main feature is the Packet Sniffer Sensor, which inspects the headers of the packets passing the monitored interface and classifies the traffic into channels such as:
- Total traffic.
- Traffic per port.
- Web traffic (HTTP, HTTPS).
- Mail traffic (IMAP, POP3, SMTP).
- File transfer traffic (FTP, P2P).
- Infrastructure traffic (DHCP, DNS, ICMP, SNMP).
- Remote control (RDP, SSH, VNC).
- Other UDP and TCP traffic.
Classification is by port number, so an application running on a non-standard port is counted under the generic TCP/UDP channel rather than its real category.
4. Tcpdump
Tcpdump is a command-line packet sniffer, originally written for UNIX and pre-installed on almost every Unix-like operating system. It has no graphical interface, but everything needed to find the source of a network problem is printed to the terminal, one line per packet, and a capture written to disk with -w can be opened later in Wireshark.
Because it is a command-line tool, it needs no heavy-duty machine: you can open a shell and start sniffing within seconds. Capturing does require root (or CAP_NET_RAW on Linux). There is a learning curve, though, and it is not nearly as intuitive as the other programs on this list.
Tcpdump's filter expressions (the same BPF syntax that Wireshark uses for capture filters) range from simple, such as tcp port 80, to quite complex, so it takes time to master the tool fully. Once you have the hang of it, it is the fastest way for an administrator to identify the causes of network issues. It has been ported to Windows as WinDump.
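To make concrete what tcpdump (and every other sniffer on this page) does under the hood, here is an added example, not code from tcpdump or any other tool mentioned here: it reads a libpcap file, decodes the Ethernet, IPv4, TCP and UDP headers, applies a small subset of tcpdump's filter semantics (protocol, host, port), prints one tcpdump-style line per packet and ranks hosts by bytes the way a bandwidth analyzer does. The capture it reads is constructed in memory (the addresses, ports and payload sizes are invented), so it runs offline; point parse_pcap at the bytes of a real capture written with tcpdump -w and it will decode that instead (IPv4 over Ethernet only; pcapng is not handled).

```python
"""Minimal libpcap reader and BPF-style filter, to show what tcpdump does
under the hood: decode Ethernet/IPv4/TCP/UDP headers, print tcpdump-like
lines and rank hosts by bytes. Added example, not code from any tool on this
page; the capture is constructed in memory, not recorded from a network."""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4        # little-endian libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_NUMBERS = {"tcp": 6, "udp": 17}

def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Ethernet/IPv4/{TCP,UDP} frame; MACs and checksums zeroed (enough to parse)."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # EtherType 0x0800 = IPv4
    if proto == 6:   # 20-byte TCP header: ports, seq, ack, data offset 5, PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # 8-byte UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)                  # IPv4 total length
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + payload

def build_pcap(frames):
    """Wrap frames in a libpcap global header plus a 16-byte record header each."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample capture: a web request and its reply, two DNS queries, one DNS reply.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "93.184.216.34", 6, 51234, 80, b"GET / HTTP/1.1\r\n"),
    build_frame("93.184.216.34", "10.0.0.5", 6, 80, 51234, b"x" * 1400),
    build_frame("10.0.0.5", "10.0.0.1", 17, 40000, 53, b"\x00" * 32),
    build_frame("10.0.0.1", "10.0.0.5", 17, 53, 40000, b"\x00" * 48),
    build_frame("10.0.0.7", "10.0.0.1", 17, 55000, 53, b"\x00" * 40),
])

def parse_pcap(data):
    """Yield a dict per IPv4 packet: src, dst, proto, sport, dport, length (frame bytes)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic (big-endian and pcapng not handled)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures handled")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + caplen]
        off += caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                     # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4                     # IPv4 header length in bytes
        proto = frame[23]
        l4 = 14 + ihl
        sport = dport = None
        if proto in (6, 17) and len(frame) >= l4 + 4:    # TCP and UDP both start with ports
            sport, dport = struct.unpack_from("!HH", frame, l4)
        yield {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
               "proto": proto, "sport": sport, "dport": dport, "length": len(frame)}

def matches(pkt, proto=None, host=None, port=None):
    """Subset of tcpdump filter semantics: 'tcp'/'udp', 'host X', 'port N', ANDed."""
    if proto is not None and pkt["proto"] != PROTO_NUMBERS[proto]:
        return False
    if host is not None and host not in (pkt["src"], pkt["dst"]):
        return False
    if port is not None and port not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def select(data, **flt):
    """Packets in a capture that satisfy the filter, e.g. select(pcap, proto='udp', port=53)."""
    return [p for p in parse_pcap(data) if matches(p, **flt)]

def tcpdump_line(pkt):
    """Summarise a packet roughly the way `tcpdump -nn` prints it."""
    name = {6: "tcp", 17: "udp"}.get(pkt["proto"], "proto %d" % pkt["proto"])
    if pkt["sport"] is None:
        return f"IP {pkt['src']} > {pkt['dst']}: {name}, length {pkt['length']}"
    return (f"IP {pkt['src']}.{pkt['sport']} > {pkt['dst']}.{pkt['dport']}: "
            f"{name}, length {pkt['length']}")

def top_talkers(data, n=3):
    """Hosts ranked by bytes sent plus received, what a bandwidth analyzer charts."""
    counts = Counter()
    for p in parse_pcap(data):
        counts[p["src"]] += p["length"]
        counts[p["dst"]] += p["length"]
    return counts.most_common(n)

if __name__ == "__main__":
    for p in select(SAMPLE_PCAP, proto="udp", port=53):   # like: tcpdump -nn udp port 53
        print(tcpdump_line(p))
    print(top_talkers(SAMPLE_PCAP))
```

The filter function is the point of the exercise: tcpdump's `tcp port 80` or `host 10.0.0.7` is exactly this kind of test on decoded header fields, compiled to BPF bytecode so the kernel can drop non-matching frames before they ever reach user space. The byte ranking counts the whole frame for both endpoints, which is what a "top talkers" chart in a flow or bandwidth analyzer shows.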
5. Steel Central Packet Analyzer
Steel Central Packet Analyzer offers an interactive graphical user interface that helps you identify the root cause of network problems using a wide selection of pre-defined analysis views. It provides packet inspection down to the bit level through Packet Analyzer Plus' full integration with Wireshark.
There are three versions of Steel Central Packet Analyzer, which differ only in which products they support.
For personal networks there is the Steel Central Packet Analyzer Personal Edition, which offers the same packet sniffing but a reduced feature set.
For small companies, Steel Central Packet Analyzer supports multiple products, including NetShark Virtual Edition on SteelHead and SteelFusion. Steel Central Packet Analyzer Plus is recommended for large companies with substantial network traffic, since it supports the newer Steel Central AppResponse 11.
6. NetworkMiner
NetworkMiner for Windows makes network analysis simple: it passively fingerprints hosts from captured traffic, listing each host's name, operating system and open ports without sending a single packet itself. It also works offline, parsing a PCAP file and reassembling transferred files and X.509 certificates from the captured sessions.
NetworkMiner was released in 2007 by Netresec and has since been widely used by companies and organizations worldwide.
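Passive tools like NetworkMiner can name the hosts in a capture, and Wireshark can decrypt TLS only when given keys, because of one fact about TLS: the handshake is cleartext even though everything after it is encrypted. The ClientHello carries the hostname the client wants (the Server Name Indication extension) and the cipher suites it offers. The following added example, not NetworkMiner's or Wireshark's own code, parses those two fields out of a ClientHello record and tallies the hostnames seen across a set of TCP payloads; the hostnames (example.com, mail.example.net) and the handshake messages are constructed for the example, not captured. It checks bounds at every step, so a truncated or deliberately malformed record returns None rather than raising.

```python
"""Passive TLS inspection: read the hostname (SNI) and offered cipher suites
from a ClientHello, which travel in cleartext even though everything after
the handshake is encrypted. Added example, not NetworkMiner's or Wireshark's
code; the ClientHello messages below are constructed, not captured."""
import struct
from collections import Counter

TLS_HANDSHAKE, CLIENT_HELLO, EXT_SERVER_NAME = 0x16, 0x01, 0x0000

def build_client_hello(hostname, cipher_suites=(0x1301, 0x1302, 0xC02B)):
    """Constructed TLS 1.2-style ClientHello record carrying one server_name extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", EXT_SERVER_NAME, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                     # version, random, empty session id
            + struct.pack("!H", 2 * len(cipher_suites))
            + b"".join(struct.pack("!H", c) for c in cipher_suites)
            + b"\x01\x00"                                            # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(data):
    """Return (sni_or_None, [cipher suites]) for a ClientHello record, else None.
    Every read is bounds-checked so a truncated or hostile record cannot raise."""
    if len(data) < 9 or data[0] != TLS_HANDSHAKE or data[5] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(data[6:9], "big")
    body = data[9:9 + hs_len]
    if len(body) < hs_len or len(body) < 35:
        return None                                  # truncated record
    off = 34 + 1 + body[34]                          # skip version, random, session id
    if off + 2 > len(body):
        return None
    cs_len, = struct.unpack_from("!H", body, off)
    off += 2
    if off + cs_len + 1 > len(body):
        return None
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len - 1, 2)]
    off += cs_len
    off += 1 + body[off]                             # skip compression methods
    sni = None
    if off + 2 <= len(body):
        ext_len, = struct.unpack_from("!H", body, off)
        off += 2
        end = min(off + ext_len, len(body))
        while off + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, off)
            off += 4
            if etype == EXT_SERVER_NAME and elen >= 5 and off + elen <= end:
                p = off + 2                          # skip server_name_list length
                while p + 3 <= off + elen:
                    ntype, nlen = body[p], struct.unpack_from("!H", body, p + 1)[0]
                    if ntype == 0 and p + 3 + nlen <= off + elen:
                        sni = body[p + 3:p + 3 + nlen].decode("ascii", "replace")
                        break
                    p += 3 + nlen
            off += elen
    return sni, suites

def passive_hostnames(payloads):
    """Tally the hostnames clients asked for, from raw TCP payloads of port-443 flows."""
    seen = Counter()
    for payload in payloads:
        parsed = parse_client_hello(payload)
        if parsed and parsed[0]:
            seen[parsed[0]] += 1
    return seen

# Constructed traffic: three TLS handshakes and one encrypted application-data record.
SAMPLE_PAYLOADS = [
    build_client_hello("example.com"),
    build_client_hello("mail.example.net", cipher_suites=(0xC02F, 0x009C)),
    build_client_hello("example.com"),
    b"\x17\x03\x03\x00\x05hello",                    # application data: nothing readable here
]

if __name__ == "__main__":
    print(dict(passive_hostnames(SAMPLE_PAYLOADS)))
```

This is the line between passive and active inspection on this page: a passive tool sees the SNI, the cipher suites and the server certificate (in TLS 1.2) without touching the connection, while decrypting the application data needs either the session keys (Wireshark) or a man-in-the-middle proxy with its own certificate (Fiddler, the Android Packet Capture app).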
7. Kismet
In an age where wireless networks are everywhere, Kismet is the sniffer built for them. It puts a wireless adapter into monitor mode to capture raw 802.11 frames, so it needs an adapter and driver that support monitor mode. It can detect hidden networks, that is, access points that do not broadcast their SSID, by watching the probe and association frames of their clients, which carry the name in the clear.
It shows which wireless APs and clients are present and what kind of traffic they generate. A separate project, KisMAC, provides similar functionality on macOS. Both have simple, easy-to-learn user interfaces.
8. Fiddler
Fiddler is not strictly a packet sniffer but serves the same purpose for web traffic: it runs as a local HTTP/HTTPS proxy and logs, inspects and can modify every request and response that passes through it. Whether the traffic comes from a browser or from a non-web desktop application, as long as it uses HTTP/HTTPS and honours the system proxy setting, Fiddler can analyze it and show you which requests generate the heaviest traffic.
Since it is free to download, administrators commonly use Fiddler to isolate performance bottlenecks. It also offers web debugging and HTTPS decryption, which works by installing Fiddler's own root certificate on the machine; an application that pins its server certificate will refuse the connection rather than reveal its traffic.
9. EtherApe
EtherApe covers similar ground to Wireshark, capturing live traffic or reading a capture file, but differs in how it presents the data. This open-source packet sniffer for Unix-like systems focuses on a graphical map of the network: hosts are drawn as nodes and the traffic between them as links whose width scales with bandwidth. The display can be restricted to show only the traffic you need.
Some features offered by EtherApe include but are not limited to:
- Protocol summary dialog shows global traffic statistics by protocol.
- Node summary dialog shows traffic statistics by node.
- Node statistics export to XML file.
- A single node can be centered on the display and several user-chosen nodes can be arranged in an inner circle with other nodes around.
- An alternative display mode arranges nodes in “columns”.
10. Packet Capture
As users move to mobile devices, sniffing on Android becomes a must. The Packet Capture app records network packets through a local VPN service, so it needs no root access. HTTPS traffic can be decrypted with a man-in-the-middle (MITM) approach, which requires installing the app's CA certificate on the device; connections from apps that pin their certificates (and, from Android 7 onward, apps that do not trust user-installed CAs by default) remain opaque.
It is available from the Play Store and has a basic but informative interface. It focuses on HTTP/HTTPS traffic and records every packet that passes through the VPN. The app is free of charge but contains ads.
Packet sniffers and network analyzers help you identify and resolve network issues in less time. The insight they provide is invaluable in large, complex networks that need constant monitoring and analysis.
The hours spent digging down through the OSI layers to find one problematic packet can be saved with any of the applications above. Monitoring traffic becomes routine, and you can spot congestion building before it turns into an outage. Grab one of the free downloads or trials above and start analyzing network traffic today!