A packet sniffer is a utility for monitoring network traffic. It captures packets without modifying them in any way: it only watches, displays and logs the traffic.
A packet sniffer is also called a protocol analyzer, packet analyzer or network analyzer. The information gathered with a packet sniffer is useful for troubleshooting network problems.
It also helps in understanding how data travels across a network.
However, packet sniffers can also be misused by attackers to extract sensitive user data illegitimately. With one, an attacker can capture data like passwords, IP addresses, the protocols in use on the network and other such information.
Packet sniffers are available in many forms, and there are many popular free as well as paid tools. Each of them has different characteristics.
In this article, we shall look at some of the popular packet sniffer tools available. Let’s start.
What are some of the popular packet sniffer tools?
There are many packet sniffer tools available, each offering a different range of features. Let us go through them one by one.
SolarWinds Bandwidth Analyzer 2-Pack bundles two applications: Network Performance Monitor and NetFlow Traffic Analyzer.
Network Performance Monitor monitors factors like response time, availability and performance of the network devices.
It also detects and helps resolve problems using alerts and reports. It can graphically display real-time network performance statistics through dynamic, drillable network maps.
NetFlow Traffic Analyzer uses flow technology to analyze network bandwidth usage and traffic patterns.
It can identify the users, applications and protocols consuming bandwidth, the IP addresses of the top talkers, etc. All of this data is stored and shown with one-minute granularity.
SolarWinds Bandwidth Analyzer 2-Pack offers a free 30-day trial version.
Wireshark, earlier known as Ethereal, is one of the most powerful and widely used network analyzers.
It is an interactive packet sniffing and analysis tool, available on platforms like Windows, Linux, macOS, Solaris, FreeBSD, etc.
It is a feature-rich utility. Wireshark deeply inspects hundreds of protocols and offers live capture and offline analysis, extensive VoIP analysis, decryption support for several protocols (IPsec, Kerberos, WEP, WPA/WPA2, etc.) and many other features.
It has an attractive GUI and makes capturing and viewing data simple. It is portable, widely compatible, free and open source.
Tcpdump is one of the oldest packet sniffing tools still in use. It has been the standard for packet sniffing for many network administrators since the late 80s.
It was developed for UNIX systems and was later ported to Windows as WinDump.
Tcpdump is a powerful command-line packet sniffer. Its latest version is 4.9.2, released on September 3, 2017.
Tcpdump lacks some of the attractive capabilities of the more elaborate software available nowadays, but it remains the choice of many users because it can capture and record packets with very little system overhead.
Kismet is ideal for wireless packet sniffing. It can sniff and analyze the traffic of hidden networks, i.e., networks with non-broadcast SSIDs. It runs on *NIX, Windows under Cygwin and OS X.
The latest Kismet 2018 beta version provides a wide variety of features. For example, it has a new web-based UI.
It also offers live streaming of real-time captures over HTTP, new lightweight capture code, multithreaded packet decoding for higher workloads, etc.
Thus, Kismet is preferred by many users for its user-friendly nature as well as its wide range of features, including its ability to overcome the difficulties of wireless packet sniffing.
EtherApe is similar to Wireshark, the difference being that EtherApe is very much graphically driven. EtherApe is free and open source and runs on *NIX and OS X.
EtherApe examines network packets and represents them visually. It can also read standard capture file formats and display network packets in real time.
It can show traffic at the link layer, end to end at the IP layer or port to port at the TCP layer. Live data can be read from Ethernet, FDDI, PPP, SLIP and WLAN interfaces.
A protocol summary dialog also displays global traffic statistics by protocol.
NetworkMiner is another excellent packet sniffer. It is free and open source, initially built for Windows but also works on Linux, Mac OS X and FreeBSD. It has been in use since 2007.
NetworkMiner works passively to detect operating systems, sessions, open ports, hostnames, etc. without putting any traffic on the network. It can parse PCAP files for offline analysis and reassemble transmitted files from them.
It is widely used in many organizations. It aids in performing advanced network traffic analysis and has an intuitive UI.
NetworkMiner can extract and display user credentials like usernames and passwords for the protocols it supports.
The paid version, NetworkMiner Professional, is supplied only on a USB flash drive. For better results, copy the application to the local hard drive of your computer.
The single-user license for NetworkMiner Professional costs USD 900 per individual, is valid for three years and includes free updates and support.
The Corporate license costs USD 4500, can be used by multiple users in an organization and never expires. It provides free updates and support in the first year only; after that they cost USD 900/year.
You can download this application from Plastic Water Software. It is a small, simple packet sniffer that still offers some advanced features.
For example, it provides options for IP filtering, port-specific tracking, an IP list and ignoring selected IPs.
It is not as developed as the other advanced packet sniffers available today, but it is user-friendly and provides all the information a user needs. It requires the .NET Framework to function correctly.
Network Probe is an excellent free protocol analyzer. It is ideal for traffic-level network monitoring and instantly alerts you whenever a network slow-down occurs.
It provides an overview of the throughput of the network under observation and of the number of hosts, conversations and protocols seen on the network.
Network Probe quickly displays the protocols in use, which hosts are sending or receiving packets, where the traffic is coming from, etc.
It also shows you the most active protocols, talkers, listeners, etc. on your network.
You can add alarm monitors to any traffic entry on your network and set the application up to notify you through e-mail or call scripts when an alarm is triggered.
The latest version, 3.0, also offers a new user interface, provision for adding alarms and alarm actions, multi-probe connections and other additional features.
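Several of the tools above report the same core things: the protocols seen, the top talkers and the busiest ports, computed either live or from a PCAP file. The following is an added example, not code from the article or any of the tools it lists: a minimal pure-Python pcap reader that decodes Ethernet/IPv4/TCP/UDP headers from a constructed in-memory capture and produces that summary. All addresses, ports and frames in the sample are constructed for the example.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4_frame(src, dst, proto, l4):
    """Ethernet + IPv4 header (checksum left zero) around a constructed L4 payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file (link type 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

# Constructed sample capture: two TCP SYNs 10.0.0.5 -> 10.0.0.9:443, one UDP reply from port 53.
SAMPLE_PCAP = build_pcap([
    ipv4_frame("10.0.0.5", "10.0.0.9", 6, struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, 2, 8192, 0, 0)),
    ipv4_frame("10.0.0.5", "10.0.0.9", 6, struct.pack("!HHIIBBHHH", 50001, 443, 0, 0, 0x50, 2, 8192, 0, 0)),
    ipv4_frame("10.0.0.9", "10.0.0.5", 17, struct.pack("!HHHH", 53, 50002, 8, 0)),
])

def summarize_pcap(data):
    """Walk pcap records, decode Ethernet/IPv4/L4 headers and count protocols, talkers and ports."""
    magic, = struct.unpack_from("<I", data, 0)
    e = "<" if magic == 0xA1B2C3D4 else ">"          # byte order of the host that wrote the file
    if struct.unpack_from(e + "I", data, 20)[0] != 1:
        raise ValueError("this example only decodes Ethernet link-layer captures")
    protocols, talkers, dst_ports = Counter(), Counter(), Counter()
    off = 24                                         # first record follows the 24-byte file header
    while off + 16 <= len(data):
        caplen = struct.unpack_from(e + "IIII", data, off)[2]
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                 # skip non-IPv4 frames
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
        proto = frame[23]
        protocols[PROTO_NAMES.get(proto, str(proto))] += 1
        talkers[".".join(map(str, frame[26:30]))] += 1
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:
            dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
            dst_ports[(PROTO_NAMES[proto], dport)] += 1
    return {"protocols": protocols, "talkers": talkers, "dst_ports": dst_ports}

if __name__ == "__main__":
    for name, counter in summarize_pcap(SAMPLE_PCAP).items():
        print(name, counter.most_common(3))
```

Pointing `summarize_pcap` at the bytes of a real capture saved by tcpdump or Wireshark (classic pcap, not pcapng) gives the same protocol, talker and port counts that the GUI tools above display.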
Packet sniffing is the technique of capturing the data packets flowing across a computer network, and the software used to do it is called a packet sniffer.
Packet sniffers are used by network administrators in many organizations to monitor network traffic. But they can also be misused by cybercriminals to obtain sensitive user data illegally or to infiltrate other people’s networks.
There are many packet sniffer tools available, paid as well as free. Each of them has different characteristics.
We have discussed some of the well-known packet sniffers in use today.
For example, SolarWinds, Tcpdump, Kismet, NetworkMiner, etc. are well known for their user-friendly approach, good network monitoring capabilities and many other features.
Before downloading any such free software, make sure it is legitimate: trojans and viruses frequently pose as free software and can compromise your system with a single click!