Network analysis tools enable diagnosis of problems or allow exploration of all hardware on a computer network.
They generally fall into three categories:
- packet analyzers allow capture and display of individual messages being processed by your computers network card
- port scanners are designed to probe other computers or network devices on a network and report interesting information
- hardware scanners investigate what is on the network and report back what it finds.
The key difference between what a port scanner does versus a hardware scanner is the area it is scanning. Port scanners only focus on ports that are open and they sometimes attempt to see what is listening to that port on that device.
Hardware scanners on the other hand are more intelligent and look at the bigger picture of what the purpose of that device is and how it is interacting on the network.
All of these tools are invaluable for those wanting to learn about networking or just want to investigate what is on their network and what each device is doing.
Go straight to the Quick Selection Guide
WireShark (formerly Ethereal) has established itself as the premier packet analyzer. It can capture packets of standard ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl.
WireShark requires installation of Windows Packet Capture package (WinPcap). WinPcap allows for other software to 'listen' secretly to the information coming and going through the network card on the computer. I found it better to install the latest winpcap first, rather than versions included with the programs.
Nmap will scan an individual IP address or a range. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. Also requires WinPcap.
Angry IP is a very lightweight program that allows you to quickly scan a range of IP addresses. It provides less information and options than Nmap, but shows open ports and highlights which addresses are active.
One thing to keep in mind when using tools like these, for network analysis, is that if the network devices are connected together, through switches instead of hubs, the data will not be visible to all connected devices. Switches route data from a specific device to another specific device.
Tools like WinPcap that listen on the network card, for traffic flowing through that card, are not going to see traffic on the network unless it has been specifically targeted for that machine running WinPcap.
Think of it this way; there may be 8 lanes of traffic on a highway but there are 20 foot barriers between each lane and each lane only takes you to one specific exit. This example shows that although you are only a few feet from other traffic you are unable to see the cars to the left or right and you have no idea where they are going. That is exactly the way a switched network operates. If you are listening to traffic on a particular computer or server and expect to see a representation of all traffic you are not going to get what you are looking for.
You might want to check out these articles too:
- Best Free Wi-Fi Network Finder Utility
- NetSetMan lets easily you change your network settings on the fly
- "Re-Router" - Network Protection without Network Hardware
free network analysis tools, network analysis, packet analyser, ip address, free port scanners, freeware