Network Protocol Analyzer by CC12

Tuesday, September 22, 2009

NETWORK PROTOCOL ANALYZER

The packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications.
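The decoding step described above, as an added example that is not part of the original post: a constructed Ethernet II frame is decoded layer by layer, following the IPv4 (RFC 791) and TCP (RFC 793) header layouts, with the IPv4 header checksum verified. The frame bytes, addresses and function names are assumptions made for this illustration.

```python
import ipaddress
import struct

# Constructed sample (not a real capture): Ethernet II / IPv4 / TCP SYN to port 80.
# IP addresses are documentation ranges; the TCP checksum is left as zero.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # dst MAC, src MAC, EtherType (IPv4)
    "45000028" "00014000" "40064e7d"       # IPv4: version/IHL, length, id, flags, TTL, proto, checksum
    "c000020a" "c6336414"                  # src 192.0.2.10, dst 198.51.100.20
    "c0000050" "00000001" "00000000"       # TCP: ports 49152 -> 80, seq, ack
    "5002ffff" "00000000"                  # data offset + flags (SYN), window, checksum, urgent
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ipv4_checksum_ok(header):
    """RFC 1071: the folded one's-complement sum of a valid header is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame):
    """Decode Ethernet II, then IPv4 (RFC 791), then TCP (RFC 793), layer by layer."""
    if len(frame) < 14:
        return {"error": "truncated Ethernet header"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth": {"dst": mac(dst), "src": mac(src), "type": f"0x{ethertype:04x}"}}
    if ethertype != 0x0800:
        return out                          # not IPv4: payload left undecoded
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0   # header length in bytes, options included
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return {**out, "error": "malformed IPv4 header"}
    total_len = struct.unpack("!H", ip[2:4])[0]
    out["ip"] = {"src": str(ipaddress.IPv4Address(ip[12:16])),
                 "dst": str(ipaddress.IPv4Address(ip[16:20])),
                 "ttl": ip[8], "proto": ip[9], "checksum_ok": ipv4_checksum_ok(ip[:ihl])}
    if ip[9] != 6:
        return out                          # not TCP
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return {**out, "error": "truncated TCP header"}
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "flags": flags}
    return out
```

Calling `decode_frame(SAMPLE_FRAME)` returns one dictionary per decoded layer; a frame that is cut short or fails the checksum is reported rather than decoded past the point where it stops being valid.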

USES:

The versatility of packet sniffers means they can be used to:

• Analyze network problems

• Detect network intrusion attempts

• Gain information for effecting a network intrusion

• Monitor network usage

• Gather and report network statistics

• Filter suspect content from network traffic

• Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)

• Reverse engineer proprietary protocols used over the network

• Debug client/server communications

• Debug network protocol implementations

NOTABLE PACKET ANALYZERS:

WIRESHARK:

Wireshark is a free packet analyzer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.

Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display the packet data in as much detail as possible.

You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just as a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).

In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.

Wireshark is perhaps one of the best open source packet analyzers available today.

SOME INTENDED PURPOSES:

Here are some examples of what people use Wireshark for:

• Network administrators use it to troubleshoot network problems.

• Network security engineers use it to examine security problems.

• Developers use it to debug protocol implementations.

• People use it to learn network protocol internals.

The following are some of the many features Wireshark provides:

• Available for UNIX and Windows.

• Capture live packet data from a network interface.

• Display packets with very detailed protocol information.

• Open and save captured packet data.

• Import and export packet data from and to many other capture programs.

• Filter packets on many criteria.

• Search for packets on many criteria.

• Colorize packet display based on filters.

• Create various statistics.

By CC-12
Raksha.J
Sahana.P.Shankar
Sai Janaki tejaswi p
Shruthi raghavan
