Best Free Network Analysis Tools

 
Introduction

Network analysis tools enable diagnosis of problems or allow exploration of all hardware on a computer network.

They generally fall into three categories:

  • packet analyzers allow capture and display of individual messages being processed by your computers network card
  • port scanners are designed to probe other computers or network devices on a network and report interesting information
  • hardware scanners investigate what is on the network and report back what it finds.

The key difference between what a port scanner does versus a hardware scanner is the area it is scanning. Port scanners only focus on ports that are open and they sometimes attempt to see what is listening to that port on that device.

Hardware scanners on the other hand are more intelligent and look at the bigger picture of what the purpose of that device is and how it is interacting on the network.

All of these tools are invaluable for those wanting to learn about networking or just want to investigate what is on their network and what each device is doing.

 
In a Hurry?

Go to details...  Go straight to the Quick Selection Guide

 
Discussion

WireShark (formerly Ethereal) has established itself as the premier packet analyzer. It can capture packets of standard ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl.

WireShark requires installation of Windows Packet Capture package (WinPcap). WinPcap allows for other software to 'listen' secretly to the information coming and going through the network card on the computer. I found it better to install the latest winpcap first, rather than versions included with the programs.

 

Nmap will scan an individual IP address or a range. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. Also requires WinPcap.

 

Angry IP is a very lightweight program that allows you to quickly scan a range of IP addresses. It provides less information and options than Nmap, but shows open ports and highlights which addresses are active.

 

One thing to keep in mind when using tools like these, for network analysis, is that if the network devices are connected together, through switches instead of hubs, the data will not be visible to all connected devices. Switches route data from a specific device to another specific device.

Tools like WinPcap that listen on the network card, for traffic flowing through that card, are not going to see traffic on the network unless it has been specifically targeted for that machine running WinPcap.

Think of it this way; there may be 8 lanes of traffic on a highway but there are 20 foot barriers between each lane and each lane only takes you to one specific exit. This example shows that although you are only a few feet from other traffic you are unable to see the cars to the left or right and you have no idea where they are going. That is exactly the way a switched network operates. If you are listening to traffic on a particular computer or server and expect to see a representation of all traffic you are not going to get what you are looking for.

 
Related Products and Links

You might want to check out these articles too:

 
Quick Selection Guide

WireShark
4.5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
De-facto packet analyzer, captures packets of standard ethernet, PPP and VPN interfaces.
http://www.wireshark.org
1.10.0
21.2 MB Win 32 exe
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows, Mac OS X, Linux

View the release notes here

Nmap
4.5
 
Runs as a stand-alone program on a user's computer
Scans an individual IP address or multiple addresses, reports on open ports, interesting information and the likely type of device/operating system. Has both a GUI and Command Line interface.
http://nmap.org
6.25
25.4 MB Win setup exe
32 bit but 64 bit compatible
Open source freeware
A portable version of this product is available from the developer.
Windows, Mac OS X, Linux

v6.25 available 29 November, 2012
View the changelog here

Angry IP
4
 
Runs as a stand-alone program on a user's computer
Very lightweight, allows to quickly scan a range of IP addresses.
Provides less information and options than Nmap.
http://www.angryip.org/w/About
3.2
1.47 MB Win 32 exe
32 and 64 bit versions available
Open source freeware
There is no portable version of this product available.
Windows, Mac OS X, Linux

v3.2 released 13 March, 2013

 
Editor

This software category is in need of an editor. If you are interested in taking it over then check out this page for more details. You can then contact us from that page or by clicking here.

 
Tags

free network analysis tools, network analysis, packet analyser, ip address, free port scanners, freeware

Back to the top of the article.

 

Share this
4.333335
Average: 4.3 (15 votes)
Your rating: None

Comments

by Andreas Th on 12. December 2013 - 13:39  (112909)

Good information! Thanks!
It looks the list misses 1 great FREE and VERY EASY program,
which I've been using for 2 years or so.
The prog is called EasyNetMonitor - network monitor.

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.