If you work on a network, you then know the value of information. Solid information leads to a strong and worry-free network (or at least as worry-free as you can manage). In order to gather that information, you need the right tools. The tools I speak of are network analyzers. Once you start looking, you can find analyzers of every shape, size, and price. But for most network admins, the free tools do a solid-enough job to get you the information you need.
But which of these tools are the best? If you start looking, you’ll find plenty available. To help narrow the search for you, I’ve found five of the best network analyzers available. From this list, you should be able to find the one tool that perfectly suits your needs. With that promise made, let’s dive in and see what’s what.
This blog post is also available as a TechRepublic Photo Gallery.
Wireshark is one of the most powerful network protocol analyzers on the market (free or paid). In fact, Wireshark is often considered the de facto standard among the industry. This analyzer features: Live capture and offline analysis; standard three-pane packet browser; multi-platform (Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others); captured network data can be browsed via GUI, or via the TTY-mode TShark utility. Other features include: powerful display filters; rich VoIP analysis; read/write many different capture file formats; capture files can be compressed with on the fly; live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others; decryption support; coloring rules; output can be exported to XML, PostScript, CSV, or plain text.
NAST (Network Analyzer Sniffer Tool) is an ncurses-based tool that has, admittedly, not been under development for quite some time. Even so, the tool is quite useful and does a great job of capturing network traffic. I put this tool on the list because it’s invaluable if the only machine you have access to is a UNIX GUI-less server. But even if you have a GUI, this tool is quite handy. NAST features: Build LAN hosts list; follow a TCP-DATA stream; find LAN internet gateways; discover promiscuous nodes; reset an established connection; perform a single half-open portscanner; perform a multi half-open portscanner; find link type (hub or switch); catch daemon banner of LAN nodes; control arp answers to discover possible arp-spoofings; byte counting with an optional filter; and write reports logging.
Zenmap is the official GUI for the Nmap Security Scanner. Zenmap is available for Windows, Linux, Mac, and BSD. Zenmap can be used to read live captures or save captures for later viewing. With Zenmap you can empower the features of Nmap to help you with: network inventory, managing service upgrade schedules, and monitoring host or service uptime. Features include: Host discovery; port scanning; version detection; OS detection; scriptable interface; web scanning; full IPv6 support; Nping support; fast scanning; and much more.
4. Angry IP Scanner
Angry IP Scanner is another open source, cross platform scanner that is designed, from the ground up, to be incredibly fast and very simple to use. Angry IP offers the following features: Portable (zero installation on certain platforms); ping checks; NetBIOS information; resolves hostnames; determines MAC address; can determine currently logged-in user; plug in system; scan results can be saved as CSV, TXT, XML, or IP-Port list; and fast, mutli-threaded scanning.
5. JDSU Network Analyzer Fast Ethernet
JDSU Network Analyzer Fast Ethernet has a long name and is long in features. Although it has numerous features, you don’t have to be a full-blown network analyst to make use of this tool. JDSU allows anyone (of nearly any experience level) to: Quickly determine who is on a network, who is using bandwidth, and where errors may be occurring on the network. You can also identify problems before they become serious issues; use expert analysis tools to solve network problems quickly; capture and analyze network traffic in real-time; and analyze data offline. JDSU offers multi-technology analysis, a consistent user-interface across platforms, and is scalable for distributed analysis.
No matter what your level of expertise, and your network needs, one of these tools should make the gathering of information about your network a simple task. Whether you need a simple, ncurses-based tool, or a full-blown, full-featured GUI, you can find what you’re looking for and not have to spend a single penny.