What is your favorite freeware packet sniffer?

  • Thread starter: John Corliss
Mel said:
I didn't use it a lot, but I was always satisfied with Analyzer. I'm
going to try this one to see how it compares:

http://www.nirsoft.net/utils/smsniff.html


<q>
Another timely quote in the vein of the apocryphal Julius Caesar warning
about political leaders who can all too easily send the citizenry
marching eagerly off to war by manufacturing crises that purportedly
threaten national security and making popular appeals to patriotism.
</q>

Yet it's true, unlike the Julius Caesar one. Goering really did say that.
This is why I included the Snopes link.

"We may be made somewhat uneasy by the idea that the head of a classic
civilization recognized 2,000 years ago that the populace could be
manipulated into sacrificing themselves in wars at the whims of their
leaders, but we're outraged (and maybe even scared) at the thought of a
fat Nazi fascist flunky's recognizing and telling us the same thing.

The notable difference here is that although the Caesar quote is a
latter-day fabrication, the words attributed to Hermann Goering are real."

As for the Packet Sniffer, I've decided to give Ethereal another chance.
Seems that the complexity of the filters is actually the fault of the
Winpcap filter language. From an Ethereal help file (RTFM!) "Ethereal
uses the pcap (libpcap/WinPcap) filter language for capture filters.
This language is explained in the tcpdump man page
(http://www.tcpdump.org)."

It seems that there isn't any way to simplify the process and I'll have
to figure it out. I'd really like to be able to filter out ARP protocol
packets though. Unless I'm wrong, they can't have much potential to be a
threat.
 
Mel said:
Same here, I'm the Mel that's been posting here as 'Mel'
for several years (mostly using my spamgourmet.com email
address) - probably should have used my full name.

Incidentally, avoid installing WinPcap and Kerio 4 firewall on
a Windows 98/ME machine - Kerio 4 causes a lock-up if
you try to capture (they work fine together on XP).

Wow. Thanks for the warning! I was considering giving Kerio 4 another
try on my system.
 
Dick_Hazeleger said:
Hi John!
Question is: How "simple" do you want it, and what do you expect from it.
Although I prefer Ethereal (with all its "complexity"), there are a few
candidates for a "quick and dirty" sniffing of packets:

ZX-sniffer is the first one that comes to mind, uses its own driver (no
WinPCap needed) and is a real lightweight compared to ER. The only problem
is to find it... Newer versions are only available in Russian, and the
older English version has disappeared from the major sites. I could try
to upload it to ABF if you want to give it a go...?

SmartSniff (Nir Sofer) is another lightweight sniffer; however, it needs
WinPCap to be able to work on Windows below Win2K (on 2K and XP it can
use the "RAW" mode to capture packets): http://nirsoft.mirrorz.com.

Dick,
Thanks, but I've decided to hack my way through Ethereal. It really
is the best one out there. I've decided to figure out how to implement
capture filters by using the Winpcap filter language. Ethereal has some
excellent help files it seems. However, you don't access them the way
you would the average Windows help file. They appear via a help button
when you need them. That threw me. Actually, a pretty nice way to do it
if implemented carefully by the programmer.
 
After reviewing the following:

Installing and Using Ethereal

http://www.portforward.com/networking/ethereal.htm

I decided to try Ethereal too.

Have you found any winpcap filters for Ethereal (downloadable) or maybe a
winpcap filter generator?
 
Mel said:
After reviewing the following:

Installing and Using Ethereal

http://www.portforward.com/networking/ethereal.htm

I decided to try Ethereal too.

Have you found any winpcap filters for Ethereal (downloadable) or maybe a
winpcap filter generator?

No, but I haven't really looked. The main Winpcap site:

http://www.winpcap.org/

has a list of WinPcap-based tools and programs here:

http://www.winpcap.org/misc/links.htm

Lots of alternative packet sniffers and there might be something like
you mention there too.
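As an added worked example (not code from the thread, from Ethereal or from WinPcap), the following Python script implements a small subset of the pcap capture-filter language that John is wrestling with, and runs it over three constructed Ethernet frames: an ARP request, a TCP segment to port 80 and a UDP datagram to port 53. It makes concrete what the filter text actually tests on the wire: `arp` is EtherType 0x0806, `tcp` and `udp` are EtherType 0x0800 plus IPv4 protocol number 6 or 17, `port N` matches either the source or the destination port, and `not`, `and`, `or` and parentheses combine the primitives with `and` binding tighter than `or`, as in tcpdump. The MAC and IP addresses, the port numbers and the frame contents are made up for the example.

```python
# Added example: a toy evaluator for a subset of the pcap/BPF capture-filter
# language (arp, tcp, udp, [tcp|udp] port N, not/and/or, parentheses).
# Not Ethereal or WinPcap code; the frames further down are constructed.
import socket
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
IPPROTO_TCP, IPPROTO_UDP = 6, 17
SRC_MAC = b"\x00\x11\x22\x33\x44\x55"   # made-up station address

def decode(frame):   # the few header fields the primitives below test
    info = {"ethertype": struct.unpack("!H", frame[12:14])[0], "proto": None, "ports": ()}
    if info["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= 34:
        l4 = 14 + (frame[14] & 0x0F) * 4      # skip Ethernet + IPv4 header (IHL * 4)
        info["proto"] = frame[23]             # IPv4 protocol field
        if info["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(frame) >= l4 + 4:
            info["ports"] = struct.unpack("!HH", frame[l4:l4 + 4])   # src, dst port
    return info

class FilterParser:   # recursive descent: filter text -> predicate(decoded frame) -> bool
    def __init__(self, text):
        self.toks = text.replace("(", " ( ").replace(")", " ) ").split()

    def take(self):
        if not self.toks:
            raise SyntaxError("unexpected end of filter")
        return self.toks.pop(0)

    def expr(self):                            # 'or' binds loosest
        pred = self.term()
        while self.toks[:1] == ["or"]:
            self.take()
            pred = (lambda a, b: lambda f: a(f) or b(f))(pred, self.term())
        return pred

    def term(self):                            # then 'and'
        pred = self.factor()
        while self.toks[:1] == ["and"]:
            self.take()
            pred = (lambda a, b: lambda f: a(f) and b(f))(pred, self.factor())
        return pred

    def factor(self):                          # 'not', parentheses, primitives
        tok = self.take()
        if tok == "not":
            return (lambda p: lambda f: not p(f))(self.factor())
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise SyntaxError("expected ')'")
            return inner
        return self.primitive(tok)

    def primitive(self, tok):
        if tok == "arp":                       # 'arp' is shorthand for 'ether proto 0x0806'
            return lambda f: f["ethertype"] == ETHERTYPE_ARP
        if tok in ("tcp", "udp"):              # 'tcp' == 'ip proto 6', 'udp' == 'ip proto 17'
            proto = IPPROTO_TCP if tok == "tcp" else IPPROTO_UDP
            base = lambda f: f["ethertype"] == ETHERTYPE_IPV4 and f["proto"] == proto
            if self.toks[:1] == ["port"]:      # qualifier form: 'tcp port 80'
                self.take()
                port = self.primitive("port")
                return lambda f: base(f) and port(f)
            return base
        if tok == "port":                      # bare 'port N' matches source OR destination
            n = int(self.take())
            return lambda f: n in f["ports"]
        raise SyntaxError("unknown primitive %r" % tok)

def arp_request(sender_ip, target_ip):
    """Constructed broadcast 'who-has' ARP request: hw=Ethernet, proto=IPv4, op=1."""
    body = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1) + SRC_MAC + socket.inet_aton(sender_ip)
    body += b"\x00" * 6 + socket.inet_aton(target_ip)
    return b"\xff" * 6 + SRC_MAC + struct.pack("!H", ETHERTYPE_ARP) + body

def ipv4(proto, src_ip, dst_ip, sport, dport):
    """Constructed IPv4 header (no options, zero checksum) plus a bare L4 header."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\xff" * 6 + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + hdr + l4

SAMPLE_FRAMES = {   # constructed sample traffic, not a real capture
    "arp who-has 192.168.1.1": arp_request("192.168.1.10", "192.168.1.1"),
    "tcp to 93.184.216.34:80": ipv4(IPPROTO_TCP, "192.168.1.10", "93.184.216.34", 51000, 80),
    "udp to 192.168.1.1:53": ipv4(IPPROTO_UDP, "192.168.1.10", "192.168.1.1", 33333, 53),
}

def apply_filter(text, frames=SAMPLE_FRAMES):
    """Labels of the frames a capture filter would keep; trailing tokens are a syntax error."""
    parser = FilterParser(text)
    pred = parser.expr()
    if parser.toks:
        raise SyntaxError("trailing token %r" % parser.toks[0])
    return [label for label, raw in frames.items() if pred(decode(raw))]

if __name__ == "__main__":
    for flt in ("not arp", "tcp port 80", "(arp or udp) and not port 53"):
        print("%-30s keeps %s" % (flt, apply_filter(flt)))
```

The filter John is after is simply `not arp`. Real libpcap/WinPcap compiles the same text into BPF bytecode (`tcpdump -d 'not arp'` prints the compiled program), and Ethereal applies a capture filter before a packet is written to the trace, which is what distinguishes it from Ethereal's own display filters, which only hide rows of an already captured file. That is also the caveat for Mel's question about ready-made filters: whatever a capture filter drops is gone for good, so excluding ARP at capture time also removes any ARP oddities you might later want to look at.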
 
Hi John,

Secunia reported today (Wednesday) multiple vulnerabilities in...
Ethereal, so an update may be available soon! ER most definitely is worth
the effort!

Good luck "sniffing the packets" <LOL>

Regards to you,

Dick
 
cubaguy said:
To close all your open ports, you might want to try this free thingy:

http://www.stoplistening.com/

(I could not manage to close all my ports on my w2k machine any other
way... especially damn port 1025!)

Unfortunately:

"StopListening, brought to you by Nonebar Security, is a tiny and free
tool that allows you to drastically improve the security of a fresh
Windows 2000/XP installation at the click of a button."

I use Millennium Edition.

Thanks anyway.
 
Dick_Hazeleger said:
Hi John,

Secunia reported today (Wednesday) multiple vulnerabilities in...
Ethereal, so an update may be available soon! ER most definitely is worth
the effort!

Good luck "sniffing the packets" <LOL>

Dick
I just updated my copy a few days ago, but will keep my eyes open for
the patched version. Thanks.
 