CertCityForum.com
November 19, 2008, 05:48:47 PM *
Author Topic: network sniffers  (Read 1763 times)
big_easy
« on: March 20, 2006, 09:06:21 PM »

What is the best and latest network sniffer?
zom
« Reply #1 on: March 21, 2006, 08:50:02 PM »

Yeah, I would need one too... can someone suggest one?
attarea
« Reply #2 on: March 21, 2006, 10:06:40 PM »


Have you ever heard of Ethereal? It's one of the biggest network sniffers out there. I think it's free on the internet. Just have to google it. Apart from Ethereal, there are others.

attilah57@yahoo.com
amgds
« Reply #3 on: March 22, 2006, 12:30:29 PM »

WinDump (tcpdump for Windows), a port of Linux tcpdump, is a good choice too. Go to winpcap.org and try it. By the way, WinDump is freeware.
vietwow
« Reply #4 on: March 24, 2006, 12:51:39 AM »

A combination of Ethereal and tcpdump is best!!!
Laurent
« Reply #5 on: April 22, 2006, 02:29:03 AM »

People, Ethereal is the choice if you wanna go free... the latest version I think is 10.14 and it is really great. I didn't use tcpdump so much, but as I remember it was quite simple, like only text, compared with the newer versions of Ethereal that even put some color to differentiate traffic and make it all easier on the eyes.
On the other hand, if you are willing to dive a little into your pocket, Clear Sight may just be right for you, especially if you are beginning to study how a specific protocol works and its traffic flow, because CS is a visual sniffer. It shows you the traffic flow with arrows going from client to server, pointing out possible problems, separating traffic in folders and even generating reports.
I work with VoIP and one thing that Ethereal lacks is the ability to play certain RTP payload types that use proprietary codecs... that's when Clear Sight comes into play.
Check it out if you have the chance... CS has a trial version on their site (can't remember now, just google for it)
Cheers!
scorpion
« Reply #6 on: May 02, 2006, 01:04:05 AM »

Ethereal is best.
funnyusa
« Reply #7 on: May 17, 2006, 10:11:46 PM »

Ethereal is good but it is not intuitive enough. However, if your career is in the IT field, it is worth digging into it and learning how to use it.
jcps
« Reply #8 on: May 18, 2006, 01:30:32 AM »

Ethereal is good
bmw007
« Reply #9 on: May 24, 2006, 08:46:07 AM »

Snort from snort.org, I think, is better.
gaivota
« Reply #10 on: June 02, 2006, 12:49:38 PM »

You can also check NTOP; it's good for auditing.

Gaiv
din
« Reply #11 on: June 06, 2006, 06:31:54 AM »

Choose for yourself:
_http://www.insecure.org/tools.html
paulg
« Reply #12 on: June 07, 2006, 11:14:57 AM »

Our group uses several products, free and commercial.

Ethereal as others have posted is free and very good. Available at http://www.ethereal.com/
Decodes are updated frequently which is an advantage over some of the bigger commercial
products, and the latest versions have become a lot more intuitive to use. There are a lot of
"hidden" features, check out the analysis and statistics tabs. It now sorts VoIP calls and associates
the setup with the RTP data for H323, SIP and Skinny. The RTP analysis screen indicates packet
loss and sequence issues.

Packetyzer is built on Ethereal and has a few neat GUI features. Get it from http://www.networkchemistry.com/products/packetyzer.php.
The TCP ladder diagramme is cool, especially for new networkers learning TCP/IP.
They dig a little more into 802.11 and sell hardware required for wireless capture.

Clearsight is very good for application analysis. The expert engine has some quirks, you have to enable
specific errors or they won't be flagged. It has voice and video playback. BTW the third party decode
engine it utilizes is based on Ethereal. A demo version is on their site
http://www.clearsightnetworks.com/

Fluke Protocol Expert is a rebrand of Shomiti's Surveyor. Has VoIP features with playback, a good
expert engine, traffic generator and other features.
www.flukenetworks.com

Hammer voip analyzer has a protocol analyzer built in but is primarily designed for VoIP analysis
http://empirix.com/default.asp?action=article&ID=522

Network General is one of the original packet analyzer people. Sets the standard that all others have
had to meet or beat. Not always the first off the mark but always good. The expert engine is good
but understand what it's telling you and set up the thresholds or you'll look silly. Sniffer is one of the
few that can detect layer 1 issues if you use their drivers and specific network cards.


---p

gg
« Reply #13 on: June 08, 2006, 06:29:20 AM »


Have you tried sniffit? It is old but useful depending on what you want to do. Also ethercap is a great tool...
winetoo
« Reply #14 on: June 13, 2006, 06:14:45 AM »

Gerald Combs, founder of the Ethereal project -- billed as the world's most popular network protocol analyzer -- caused a flurry of excitement among users and developers Wednesday when he announced on the Ethereal developers mailing list that he was changing jobs, moving to a new location, and taking the project and its core developers with him as he leaves.

His initial announcement to the list provided some explanation:

    I recently accepted a job with CACE Technologies, best known for WinPcap. This means that I get to work with Loris Degioanni and Gianluca Varenni, and that my wife and I get to raise our daughter in Davis, CA.

    The move also means a major change for the project. We're continuing development under the name "Wireshark", at http://www.wireshark.org/. The web site, mailing lists, bug tracker, SVN repository, buildbot, and other resources are already in place. All recent source code submissions have been checked into the new repository, and automated builds are available at http://www.wireshark.org/download/automated/.

    The next version of Wireshark will be 0.99.1. A prerelease version, 0.99.1pre1, is available for download right now at http://www.wireshark.org/download/.

Several developers were not happy with the sketchy explanation for the change and demanded to know more about what was happening. Several speculated on the secrecy and suddenness of the move.

Thursday night, Combs sent a long message to the developer's list, which directly answers most of the lingering questions and removes the mystery behind the move. Here is his (lightly edited for typos and emphasis) explanation of events:

    A lot of questions have been flying around about the name change. I'll try to answer them in this message and the next. If I missed one, please let me know.

    Why the name change?

    John R.'s synopsis is essentially correct. Several years ago, my former employer (NIS) registered trademarks for the Ethereal name and logo. At the time this provided valuable legal protection for the project. Unfortunately, when I left we weren't able to come to an agreement on the trademarks and they stayed behind.

    There are several details about this that I can't discuss, but I will say this: There was no "fight" between NIS and I. Although I'm deeply disappointed about the trademarks, I understand their decision. NIS is a great company and I still hold everyone there in high regard.

    My reason to leave had more to do with the opportunities available at CACE (for the project, my family, and myself) than anything. The "good stuff" that will come from moving to CACE will far outstrip any "bad stuff" from the name change.

    What will happen to Ethereal and ethereal.com? What about the mailing lists, bug tracker, etc.? Will an announcement be posted on the site?

    Dunno. That's up to my former employer.

    Why wasn't there a discussion about the name change?

    The name change wasn't discussed in public because that's a really, really dumb thing to do. Google for "openssh domain" for one example, but there are plenty of others. I've tried to make the project as open as possible, but there are some things that simply can't be discussed in public.

    Why was the name change kept secret for so long?

    I wasn't sure we had to change names until about two weeks ago. At that time the choice fell down to announcing the change immediately (with zero content on the Wireshark site) and getting some sort of minimal infrastructure in place. I chose the latter, which included a web site, mailing lists, bug tracker, SVN repository, and a downloadable prerelease. Getting everything set up took a little longer than expected. Ultimately, it was my decision, so if you don't like it, blame me.

    Finally, please don't dismiss my respect (and awe at various times) for the Wireshark/Ethereal developer and user community. I've been busting my ass for the last couple of weeks to ensure that we have the same (or better) support infrastructure under Wireshark that we did under Ethereal, and will continue to do so.

Combs also addressed the big question of "what happens to the Wireshark trademark now if Combs leaves CACE, or is hit by a bus?"

    I'll quit the project before we change the name again. There's no way I'm going through this crap a second time. The trademark registrations are in progress. They'll initially be owned by me.

    I'd like opinions from the community about where we should proceed after that. If you're comfortable with me holding the trademarks, I'd be proud to do so. If you'd rather see an organization formed to ensure the continued success of the project, I'd be happy about that too. If you have any other (realistic, constructive) suggestions, please send them.

Combs also wondered "why aren't there more umbrella organizations for open source like the ASF? In particular, why isn't there an umbrella organization for open source networking software?"