A Network Protocol Analyzer is a tool used to capture and analyze signals and data traffic over a communication channel. It is a tool for troubleshooting, securing, analyzing, and maintaining productive, efficient networking infrastructures. Network protocol analysis is the truth serum of network communications. If you want to find out why a network device is functioning in a certain way, use a protocol analyzer to sniff the traffic and expose the data and protocols that pass along the wire.
You can use a network protocol analyzer on LAN or WiFi traffic, including password-protected communication such as WEP, WPS and WPS2, to:
- Troubleshoot hard-to-solve problems
- Detect and identify malicious software (malware)
- Gather information, such as baseline traffic patterns and network-utilization metrics
- Generate traffic for penetration testing
- Work with an Intrusion Detection System (IDS) or a honeypot
- Spy and eavesdrop on traffic (e.g., locate unauthorized Instant Messaging—IM—traffic or wireless Access Points—APs)
↓ 01 – Wireshark | Windows | macOS
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
↓ 02 – tcpdump | macOS | Linux
tcpdump is a common packet analyzer that runs from the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously saved packet file. tcpdump can write packets to standard output or a file.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.
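Because anything sent over Telnet or HTTP is readable at a capture point, a saved capture is also a convenient way to inventory which hosts still use cleartext protocols so they can be moved to encrypted alternatives. The following is an added example, not part of the original article or of tcpdump: it parses the classic libpcap file format (microsecond timestamps, Ethernet framing, IPv4) and lists flows to cleartext ports. The port table, the function names and the sample capture are assumptions constructed for illustration.

```python
import struct

# Default ports of cleartext protocols; Telnet and HTTP are the page's examples,
# FTP is added here as a further assumption.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

def cleartext_flows(pcap):
    """Return sorted (src, dst, protocol) tuples for TCP packets sent to a
    cleartext port in a classic libpcap capture with Ethernet framing."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    flows, offset = set(), 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] != 6 or frag or ihl < 20 or len(frame) < 14 + ihl + 4:
            continue                      # not TCP, later fragment, or cut short
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
        if dport in CLEARTEXT_PORTS:
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            flows.add((src, dst, CLEARTEXT_PORTS[dport]))
    return sorted(flows)

def build_sample():
    """Constructed three-packet capture (SYN segments only, no payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, dport in [((10, 0, 0, 5), (10, 0, 0, 9), 23),
                            ((10, 0, 0, 5), (192, 0, 2, 10), 443),
                            ((10, 0, 0, 7), (192, 0, 2, 10), 80)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes(src), bytes(dst))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for flow in cleartext_flows(build_sample()):
        print(*flow)
```

Port numbers only indicate the likely protocol; a service running on a non-default port is not flagged by this check.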
↓ 03 – WinDump (tcpdump) | Windows
WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista.
WinDump captures using the WinPcap library and drivers, which are freely downloadable from the WinPcap.org website. WinDump supports 802.11b/g wireless capture and troubleshooting through the Riverbed AirPcap adapter.
↓ 04 – Ettercap | Windows | macOS | Linux
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
↓ 05 – Nirsoft SmartSniff | Windows
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or as a hex dump (for non-text-based protocols, like DNS).
↓ 06 – Microsoft Message Analyzer [ Discontinued ] | Windows
Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components. Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view and other selectable graphical views that employ grids, charts, and timeline visualizer components which provide high-level data summaries and other statistics.
It also enables you to configure your own custom data viewers. In addition, Message Analyzer is an effective tool not only for troubleshooting network issues but also for testing and verifying protocol implementations.