Best Free Network Analysis Tools
|
In a Hurry?
|
|
Introduction
|
|
Network analysis tools enable diagnosis of problems or allow exploration of all hardware on a computer network. They generally fall into three categories :
Packet analyzers allow capture and display of individual messages being processed by your computers network card. Port scanners are designed to probe other computers or network devices on a network and report interesting information. Hardware scanners investigate what is on the network and report back what it finds. The key difference between what a port scanner does versus a hardware scanner is the area it is scanning. Port scanners only focus on ports that are open and they sometimes attempt to see what is listening to that port on that device. Hardware scanners on the other hand are more intelligent and look at the bigger picture of what the purpose of that device is and how it is interacting on the network. All of these tools are invaluable for those wanting to learn about networking or just want to investigate what is on their network and what each device is doing. |
|
Discussion
|
|
WireShark (formerly Ethereal) has established itself as the de-facto packet analyzer. It can capture packets of standard ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl. Ettercap goes beyond packet capture, allowing investigation and simulation of low level network attacks — ARP cache poisoning, DHCP hijack etc. It can also be extended with external scripts. A powerful tool in the right hands — use carefully on your live network. Both programs require installation of Windows Packet Capture package (WinPcap). WinPcap allows for other software to 'listen' secretly to the information coming and going through the network card on the computer. I found it better to install the latest winpcap first, rather than versions included with the programs. Nmap will scan an individual IP address. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. Also requires WinPcap. Angry IP is a very lightweight program that allows you to quickly scan a range of IP addresses. It provides less information and options than Nmap, but shows open ports and highlights which addresses are active. One thing to keep in mind when using tools like these for network analysis is that if the network devices are connected together through switches instead of hubs the data will not be visible to all connected devices. Switches route data from a specific device to another specific device. Tools like WinPcap that listen on the network card for traffic flowing through that card are not going to see traffic on the network unless it has been specifically targeted for that machine running WinPcap. Think of it this way; there may be 8 lanes of traffic on a highway but there are 20 foot barriers between each lane and each lane only takes you to one specific exit. This example shows that although you are only a few feet from other traffic you are unable to see the cars to the left or right and you have no idea where they are going. That is exactly the way a switched network operates. If you are listening to traffic on a particular computer or server and expect to see a representation of all traffic you are not going to get what you are looking for. |
|
Related Products and Links
|
|
You might want to check out these articles too: |
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
|
Editor
|
|
This software category is maintained by volunteer editor jhand |
|
Tags
|
|
free network analysis tools, network analysis, packet analyser, ip address, free port scanners, freeware |
Back to the top of the article
Delicious
Digg
StumbleUpon
Please rate this article


Subscribe to our 
I tried the free version of Network Probe 3.0
Despite all the blurb, when you install it you can only monitor your own PC. Or am I missing something ?
As of May 14th, 2009, Netscantools has released a "freeware" edition that is similiar to their Netscantools PRO ("paid" version of) Netscantools.
Several network troubleshooting tools are built into the "basic"package, by default.
Link to free version.
http://www.netscantools.com/nstbasicmain.html
Does anything mentioned here capture local (127.0.0.1) traffic? Is there any freeware capable of doing this? CommView, for example, can capture local traffic, but it's commercial soft.
lloonn
Try NEWT professional. Can't say if it is the best, but is at least on par with Angry IP scanner and similar.
It is for home networks only, becasuse the limit for free version is 25 computers.
What about the network utilities by Nir Sofer?
http://www.nirsoft.net/
In general his website is packed with great stuff.
MikroTik The Dude network monitor homepage is
http://www.mikrotik.com/dude/
Some of the best free neetwork tools in the net:
MikroTik The Dude network monitor
http://forum.mikrotik.com/
Forum: http://forum.mikrotik.com/viewforum.php?f=8&sid=e065a26b66f01efde979414b...
NetView
http://www.killprog.com/netviewe.html
LanSpy, LanShutDown, LanCalculator, LanWhoIs, Find MAC Address, Remote Process Explorer
http://lantricks.com/
SolarWinds Freeware: SolarWinds Free TFTP Server, VM Monitor, SolarWinds Free Real-time NetFlow Analyzer, SolarWinds Free Exchange Monitor, SolarWinds Free NetFlow Configurator, SolarWinds Free Advanced Subnet Calculator, SolarWinds Free Wake-On-LAN
http://www.solarwinds.com/products/freetools/
Free IP Scanner
http://www.eusing.com/ipscan/free_ip_scanner.htm
HOME NETWORK CHATTER
Hi. Quick question -
There has got to be some kind of well-written, easy-to-use freeware (or a few different programs that can be used to get different partial views of what I'm looking for) that can listen to the chatter on my home network and figure out:
** what-all devices are attached (even if the device is being stingy about letting others know it is on the network)
** determine which device(s) is/are the biggest chatterboxes
** tell which device is talking to which other device
- and why
- and what it's saying to the other device
- or what it wants from the other device
** put into layman's terms what all the traffic is
** be able to summarize the the transmissions in addition to providing each transmission (and still putting each into layman's terms)
** be able to work on XP and Vista
My home network has SO MUCH CHATTER on it it is rediculous!
I have a cat5 network storage device and the ntwk light is blinking constantly and the drive light is also blinking as well so there's something wierd going on there.
I think my wireless printer is also talking up a storm as well.
I think all this BS chatter is slowing down the meaningful traffic and reducing the throughput.
Thanks for reading and thanks in advance for any help you can provide.
Check http://www.techsupportalert.com/content/re-router-network-protection-wit...
Get a good firewall and test it using Nmap.
Hi Guys,
I think you should also consider Advaance IP Scanner, Advance LAN Scanner and Advance Port Scanner from RADMIN.
http://www.radmin.com/products/utilities/index.php
Shakeel
Hello!
http://sourceforge.net/projects/packetyzer/
;-)
kimu
Here's a good one... Look@LAN. It seems more appropriate in the port scanner sub-cat, but has a lot more up its sleave than that. It sure is worth evaluating.
http://www.lookatlan.com/
RE: HOME NETWORK CHATTER
Hi Rezkit - Thanks for the reply.
I have tried Look@Lan and it does not really do the job for me. I have found it does not update what it "knows" about the lan properly and it does not give me the details and the summary info I need.
I have some devices that talk non-stop. I need something that will tell me what is being said in tech terms and in human terms.
My network card hears boatloads of chatter - BOATLOADS.
I need something that will display all transmissions it hears and display them in tech and human terms (ie what it means) - this can be info overload so I would also need the software to summarize it as well like this:
None of this is real it is just my example of something I need for a summary.
Even if I need to use several different SW packages to get the job done.
Isn't there a network scanner that works for dial-up? I guess you forgot to mention the free Microsoft Network Monitor, but that doesn't work for dial-up either.
Adrian,
Are traceroute apps in this group?
chris.p
Hi Chris, there is a seperate category for traceroute that has not been included in the security group. As they are closely linked I have added a Related Topic link to it.
Adrian
Post new comment