Can anybody recommend a good packet sniffer?
There's been some complaint about performance, so we're trying to take a look at exactly what gets downloaded by our ActiveX controls, and see if there's any duplication or redundancy happening.
Ethereal and tcpdump - GUI or command line, take your pick.
Ethereal: What a GREAT product name.
If you have MSDN or BackOffice, look on the SMS disk for a folder called NMEXT (Network Monitor Extended?). It's fantastic, and if you already have the disk, free.
Some time ago I used Etherscan Analyzer. You can find it at www.etherscan.com. Very easy to use. Only drawback is that it decodes only a handful of protocols.
I've used NAI Sniffer Pro and Ethereal, and I like Ethereal the best. Windows setup takes a couple of extra steps, but once you get it running it is easy to use and very powerful (and free).
Network Monitor (from Microsoft) is good. I think it may also come with Win2k Server. Also, netcap comes as part of the Windows XP support tools (on the CD-ROM); it can only monitor but not display the results, but some other tools can display the results (like Netmon on your Win2k machine).
Oh yeah, if you're using HTTP, you can always point it to an HTTP proxy server and use whatever logging the proxy server has.
Also, for http, take a look at pcaptrace:
EtherPeek from WildPackets - can't live without it!
ettercap http://ettercap.sourceforge.net/ is great when working in a switched environment (it can do effective arp poisoning)
The network monitor on Win2K Server is limited to sniffing the machine it's running on, though even that is often enough. On the Systems Management Server there's a full copy of Network Monitor.
Thanks for all the tips. Ethereal is proving an excellent tool, though I'm having trouble understanding the filtering.
The filtering is based on tcpdump syntax - and yes it is painful.
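Added example, not written by any poster in this thread: for the original question of spotting redundant downloads, this tallies repeated HTTP requests in a saved capture. It assumes a classic libpcap file (the format `tcpdump -w` writes) of unencrypted HTTP over Ethernet and does no TCP reassembly; the function names, host and paths are made up for illustration.

```python
import struct
from collections import Counter

def build_sample_pcap(payloads):
    """Constructed test data: little-endian classic pcap, one Ethernet/IPv4/TCP frame per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, data in enumerate(payloads):
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), i, 0, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])) + tcp
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def http_requests(pcap):
    """Yield (method, host, path) for each HTTP request that begins a TCP segment."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    pos = 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length is variable
        if len(frame) < tcp + 20:
            continue  # truncated capture, no complete TCP header
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]  # skip TCP header and options
        lines = payload.split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue  # not the start of a request (response, continuation, other protocol)
        host = next((l[5:].strip() for l in lines[1:] if l.lower().startswith("host:")), "")
        yield parts[0], host, parts[1]

def repeated_downloads(pcap):
    """Return {(method, host, path): count} for requests seen more than once."""
    counts = Counter(http_requests(pcap))
    return {key: n for key, n in counts.items() if n > 1}

# Constructed sample traffic; host and paths are placeholders.
REQ = b"GET %s HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
SAMPLE = build_sample_pcap([REQ % b"/controls/grid.cab", REQ % b"/controls/chart.cab",
                            REQ % b"/controls/grid.cab", b"HTTP/1.1 200 OK\r\n\r\n"])

if __name__ == "__main__":
    for (method, host, path), n in repeated_downloads(SAMPLE).items():
        print(f"{n}x {method} http://{host}{path}")
```

A retransmitted segment would also be counted as a repeat, so check sequence numbers in the sniffer before treating a hit as a redundant download.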