Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here

                  

 

Best Free Network Analysis Tools

 
Introduction

Network analysis tools enable diagnosis of problems or allow exploration of all hardware on a computer network.

They generally fall into three categories:

  • packet analyzers allow capture and display of individual messages being processed by your computers network card
  • port scanners are designed to probe other computers or network devices on a network and report interesting information
  • hardware scanners investigate what is on the network and report back what it finds.

The key difference between what a port scanner does versus a hardware scanner is the area it is scanning. Port scanners only focus on ports that are open and they sometimes attempt to see what is listening to that port on that device.

Hardware scanners on the other hand are more intelligent and look at the bigger picture of what the purpose of that device is and how it is interacting on the network.

All of these tools are invaluable for those wanting to learn about networking or just want to investigate what is on their network and what each device is doing.

 
In a Hurry?

Go to details...  Go straight to the Quick Selection Guide

 
Discussion

WireShark (formerly Ethereal) has established itself as the premier packet analyzer. It can capture packets of standard ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl.

WireShark requires installation of Windows Packet Capture package (WinPcap). WinPcap allows for other software to 'listen' secretly to the information coming and going through the network card on the computer. I found it better to install the latest winpcap first, rather than versions included with the programs.

 

Nmap will scan an individual IP address or a range. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. Also requires WinPcap.

 

Angry IP is a very lightweight program that allows you to quickly scan a range of IP addresses. It provides less information and options than Nmap, but shows open ports and highlights which addresses are active.

 

One thing to keep in mind when using tools like these, for network analysis, is that if the network devices are connected together, through switches instead of hubs, the data will not be visible to all connected devices. Switches route data from a specific device to another specific device.

Tools like WinPcap that listen on the network card, for traffic flowing through that card, are not going to see traffic on the network unless it has been specifically targeted for that machine running WinPcap.

Think of it this way; there may be 8 lanes of traffic on a highway but there are 20 foot barriers between each lane and each lane only takes you to one specific exit. This example shows that although you are only a few feet from other traffic you are unable to see the cars to the left or right and you have no idea where they are going. That is exactly the way a switched network operates. If you are listening to traffic on a particular computer or server and expect to see a representation of all traffic you are not going to get what you are looking for.

 
Related Products and Links

You might want to check out these articles too:

 
Quick Selection Guide

WireShark
4.5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
De-facto packet analyzer, captures packets of standard ethernet, PPP and VPN interfaces.
http://www.wireshark.org
1.10.0
21.2 MB Win 32 exe
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows, Mac OS X, Linux

View the release notes here

Nmap
4.5
 
Runs as a stand-alone program on a user's computer
Scans an individual IP address or multiple addresses, reports on open ports, interesting information and the likely type of device/operating system. Has both a GUI and Command Line interface.
http://nmap.org
6.25
25.4 MB Win setup exe
32 bit but 64 bit compatible
Open source freeware
A portable version of this product is available from the developer.
Windows, Mac OS X, Linux

v6.25 available 29 November, 2012
View the changelog here

Angry IP
4
 
Runs as a stand-alone program on a user's computer
Very lightweight, allows to quickly scan a range of IP addresses.
Provides less information and options than Nmap.
http://www.angryip.org/w/About
3.2
1.47 MB Win 32 exe
32 and 64 bit versions available
Open source freeware
There is no portable version of this product available.
Windows, Mac OS X, Linux

v3.2 released 13 March, 2013

 
Editor

This software category is in need of an editor. If you are interested in taking it over then check out this page for more details. You can then contact us from that page or by clicking here.

 
Tags

free network analysis tools, network analysis, packet analyser, ip address, free port scanners, freeware

Back to the top of the article.

 

Share this
4.333335
Average: 4.3 (15 votes)
Your rating: None

Comments

by Andreas Th on 12. December 2013 - 13:39  (112909)

Good information! Thanks!
It looks the list misses 1 great FREE and VERY EASY program,
which I've been using for 2 years or so.
The prog is called EasyNetMonitor - network monitor.

by Brian.Dao (not verified) on 3. May 2012 - 5:38  (92949)

Hello,
Just want to introduce a great network tool called Pinkie
Download at ipUpTime.net

Brian

by Mark Batten-Carew (not verified) on 4. April 2012 - 17:49  (91645)

My need is very similar to the 10-Oct-2008 posting, but even simpler.

I am looking for a very simple tool to monitor a home network, just to see which computer (or device) on a home network is taking up all the bandwidth (and if possible, what type of traffic it is).

The goal is to know, when we are exceeding our ISP download limits, who is causing it and with what app.

Does anyone know of an application that does this: monitors the network, and counts the number of packets to/from every device on the network, and hopefully what type of packet it is?

Thanks for any pointers!
Mark

by vulcanmeister on 20. May 2012 - 20:32  (93754)

I also have been fruitlessly searching for a simple network tool that would allow me to monitor the bandwidth used by each computer on our home wireless network and even limit the bandwidth of any particular computer.

by jhand on 26. April 2012 - 11:31  (92632)

Mark,

In the old days when everything connected via Hubs and not switches you could run packet capturing software on a computer plugged into the hub and since all packets bounced around everywhere looking for its destination you could see all traffic. Now though, switches route which means you have to have a switch that either allows for mirroring all traffic to one port that you can then packet capture on or have a firewall that allows you see all the traffic as it comes and goes through the firewall.

Most home routers do not have this kind of reporting but there are opensource firmware replacements like DD-WRT and Tomato (https://en.wikipedia.org/wiki/Tomato_%28firmware%29) that provide more features but getting specific details of what IP address is sending/receiving through what ports requires alot of logging which is not usually found in home routers/firewalls.

I don't know why there aren't more devices like this for home users for those of us that do want more granular reporting and control over our home networks but maybe someone will notice the void and develop affordable products in the near future.

-Jason

by Anonymous71Darrin (not verified) on 21. August 2011 - 22:27  (78113)

Thanks MidnightCowboy! I however am running a 64bit Windows 7 and RUBotted is 32bit only. IYHO what would be the most effective network analysis tool for a newbie to learn and use to identify possible botnets?

by MidnightCowboy on 22. August 2011 - 7:27  (78131)

This is difficult because although my system is x64 capable I choose to run x32. The best one (BotHunter) is still only available for Linux so Wireshark would be favourite although none of these tools are newbie friendly.

You could also try Trend Micro HouseCall x64

http://housecall.trendmicro.com/

Before doing any of this though it's important to understand what botnets are and how they operate.

http://www.malwarehelp.org/is-your-pc-part-of-a-zombie-botnet-check-now-...

by 71Darrin (not verified) on 20. August 2011 - 4:02  (78003)

Hello! Would any of the software listed here be able to identify any kind of botnets?

by MidnightCowboy on 20. August 2011 - 6:37  (78010)

If you mean are you possibly part of one? then yes, but you would need some experience to interpret the results. An easier option would be to install this one.

http://free.antivirus.com/rubotted/

by BG (not verified) on 11. August 2011 - 21:26  (77498)

List needs to be updated to remove the negative (incorrect) statement for nmap " Only scans one single IP address". Nmap is designed to scan large ranges of IP addresses efficiently and will accept many variations on how to specify hosts. Maybe the reviewer didn't realise that multiple hosts need to be separated by just a space.

by Mathieu (not verified) on 14. June 2011 - 1:58  (73762)

Hi am presenting myself Mathieu.
Great information, thanks.
Regards, Mathieu. ;)

by darkdog (not verified) on 19. October 2010 - 23:19  (59763)

Sorry, just a correction, NMAP always supported multiple IPs...

by Jennyhu (not verified) on 26. August 2010 - 6:58  (56743)

Great Post!
But did you try Capsa? A network analyzer quite like Wireshark, it's very powerful and just released the free version not long ago.

by Gert Buur (not verified) on 9. August 2010 - 18:44  (55693)

I keep loosing the Names of "devices on my Network, hence rendering the device un-reachable from other devices.. Is there a simple tool, who can monitor a simple HomeNetwork, with largely MS products, a Wired/Wireless router, an Internet Radio and a NAS..

Idea would be to On-line monitor, and display active devices by "names, IP address and or MAC address - and then ultimately find why certain Names disappear - whilst still being "pingable".
Thanks
Gert

by hassan007 (not verified) on 22. July 2010 - 19:58  (54762)

hi!
we are using a 4mb DSL connection..there is internal wiring in the home so that we can connect 4-5 pcs at a time.but i`m having a problem that if anyone starts downloading and i ask him are you downloading? he says no while on my end my explorer could not get any page because someone in the network start downloading and i cann`t trace who is using maximum speed of the internet connection by downloading something and snatching the whole speed of the connection ...

can i trace out the person playing tricks with others???

by Anonymous on 1. June 2010 - 14:49  (50798)

how to use wireshark to know ip of chatter

by Anonymous on 1. May 2010 - 4:41  (48876)

http://majorgeeks.com/Sam_Spade_d594.html

Sam Spade is also a great network tool.

ping - nslookup - whois - IP block - dig - traceroute finger - SMTP VRFY - web browser keep-alive - DNS zone transfer - SMTP relay check - Usenet cancel check - website download - website search - email header analysis - Email blacklist - query Abuse address

by Anonymous on 16. April 2010 - 14:01  (47778)

How about Microsoft NetMon for packet capture? It is much less "busy" than Wireshark.

by Anonymous on 7. March 2010 - 12:11  (45151)

Info Needed!

Is their any software that will show users on my home wireless network. I am wired but my router is both wireless and wired, we use both and I'd like to check if anyone is using our service. Also I'm accessing from wired PC.

Thanks R.K.

by jhand on 16. March 2010 - 1:49  (45639)

Your router should have a log feature and show you what IP addresses are being handed out by the DHCP services.

You could use Angry IP on your wired computer and have it scan your DHCP range to see if any other machines are active on your network.

Doing something like this requires some understanding of networking.

I would advise just making sure that you use WPA or WPA2 encryption on your wireless network so that no one can use it without the passphrase.

-Jason

by Anonymous on 25. November 2009 - 10:37  (37277)

HARDWARE SCANNERS
Its quite difficult to see from this list what is the best Hardware Scanner

by RichardB43 on 30. September 2009 - 3:46  (33578)

I tried the free version of Network Probe 3.0
Despite all the blurb, when you install it you can only monitor your own PC. Or am I missing something ?

by Anonymous on 29. July 2009 - 10:26  (25931)

As of May 14th, 2009, Netscantools has released a "freeware" edition that is similiar to their Netscantools PRO ("paid" version of) Netscantools.

Several network troubleshooting tools are built into the "basic"package, by default.

Link to free version.
http://www.netscantools.com/nstbasicmain.html

by Anonymous on 14. May 2009 - 18:22  (21579)

Does anything mentioned here capture local (127.0.0.1) traffic? Is there any freeware capable of doing this? CommView, for example, can capture local traffic, but it's commercial soft.

lloonn

by Anonymous on 20. December 2008 - 17:25  (12182)

Try NEWT professional. Can't say if it is the best, but is at least on par with Angry IP scanner and similar.

It is for home networks only, becasuse the limit for free version is 25 computers.

by donkeydonger (not verified) on 28. December 2010 - 2:07  (63374)

NEWT looks great, but xp users should know it doesnt support XPHOME

by Anonymous on 3. November 2008 - 13:49  (10015)

What about the network utilities by Nir Sofer?

http://www.nirsoft.net/

In general his website is packed with great stuff.

by Anonymous on 17. October 2008 - 21:49  (9265)

MikroTik The Dude network monitor homepage is
http://www.mikrotik.com/dude/

by Anonymous on 10. October 2008 - 13:53  (9009)

HOME NETWORK CHATTER

Hi. Quick question -

There has got to be some kind of well-written, easy-to-use freeware (or a few different programs that can be used to get different partial views of what I'm looking for) that can listen to the chatter on my home network and figure out:

** what-all devices are attached (even if the device is being stingy about letting others know it is on the network)
** determine which device(s) is/are the biggest chatterboxes
** tell which device is talking to which other device
- and why
- and what it's saying to the other device
- or what it wants from the other device
** put into layman's terms what all the traffic is
** be able to summarize the the transmissions in addition to providing each transmission (and still putting each into layman's terms)

** be able to work on XP and Vista

My home network has SO MUCH CHATTER on it it is rediculous!
I have a cat5 network storage device and the ntwk light is blinking constantly and the drive light is also blinking as well so there's something wierd going on there.

I think my wireless printer is also talking up a storm as well.
I think all this BS chatter is slowing down the meaningful traffic and reducing the throughput.

Thanks for reading and thanks in advance for any help you can provide.