Best Free Network Analysis Tools
Introduction
Network analysis tools enable diagnosis of problems or allow exploration of all hardware on a computer network. They generally fall into three categories:
- Packet analyzers allow capture and display of individual messages being processed by your computer's network card.
- Port scanners are designed to probe other computers or network devices on a network and report interesting information.
- Hardware scanners investigate what is on the network and report back what they find.
The key difference between a port scanner and a hardware scanner is the area being scanned. Port scanners focus only on ports that are open, and they sometimes attempt to see what is listening on that port on that device. Hardware scanners, on the other hand, are more intelligent and look at the bigger picture: what the purpose of the device is and how it is interacting on the network. All of these tools are invaluable for those who want to learn about networking or just want to investigate what is on their network and what each device is doing.
Discussion
Wireshark (formerly Ethereal) has established itself as the de facto packet analyzer. It can capture packets on standard Ethernet, PPP and VPN interfaces. I have used it many times to identify people running heavy reports bringing servers down to a crawl. Wireshark requires installation of the Windows Packet Capture package (WinPcap). WinPcap allows other software to 'listen' secretly to the information coming and going through the network card on the computer. I found it better to install the latest WinPcap first, rather than the versions included with the programs.

Nmap will scan an individual IP address or a range. It will report on open ports, interesting information and the likely type of device/operating system. This tool proved invaluable in proving to a client that the IP address he claimed was a print server in fact had a PC using it. It also requires WinPcap.

Angry IP is a very lightweight program that allows you to quickly scan a range of IP addresses. It provides less information and fewer options than Nmap, but shows open ports and highlights which addresses are active.

One thing to keep in mind when using tools like these for network analysis is that if the network devices are connected through switches instead of hubs, the data will not be visible to all connected devices. Switches forward data from one specific device to another specific device. Tools like WinPcap that listen on the network card for traffic flowing through that card are not going to see traffic on the network unless it is specifically addressed to the machine running WinPcap. Think of it this way: there may be 8 lanes of traffic on a highway, but there are 20-foot barriers between the lanes and each lane only takes you to one specific exit. Although you are only a few feet from other traffic, you are unable to see the cars to the left or right and you have no idea where they are going. That is exactly the way a switched network operates.

If you are listening to traffic on a particular computer or server and expect to see a representation of all traffic, you are not going to get what you are looking for.
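The hub-versus-switch behaviour described above, as an added example that is not part of the original article. It models a hub and a MAC-learning switch and lists which frames a capture host on port 3 would record; it goes slightly beyond the text by also showing that broadcasts still reach the capture host on a switch. All MAC addresses, port numbers and frames are constructed.

```python
# Added illustration: hub vs. learning switch, seen from a capture host.
# All MAC addresses, port numbers and frames below are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    """Learns which port each source MAC lives on, then forwards selectively."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn the sender's port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:    # broadcast / unknown: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

def captured(device, frames, sniffer_port):
    """Return the labels of frames a capture on sniffer_port would record."""
    return [note for in_port, src, dst, note in frames
            if sniffer_port in device.forward(in_port, src, dst)]

PC_A, PC_B, SNIFFER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
# (ingress port, source MAC, destination MAC, label)
FRAMES = [
    (3, SNIFFER, BROADCAST, "capture host announces itself"),
    (1, PC_A, BROADCAST, "A asks who has B (ARP broadcast)"),
    (2, PC_B, PC_A, "B replies to A"),
    (1, PC_A, PC_B, "A sends report data to B"),
    (2, PC_B, PC_A, "B acknowledges A"),
    (1, PC_A, SNIFFER, "A pings the capture host"),
]

def run():
    ports = [1, 2, 3]                          # capture host sits on port 3
    return (captured(Hub(ports), FRAMES, 3),
            captured(Switch(ports), FRAMES, 3))

if __name__ == "__main__":
    hub_view, switch_view = run()
    print("hub   :", hub_view)
    print("switch:", switch_view)
```

On the hub the capture host records every frame the other two machines send; on the switch it records only the broadcast and the frame addressed to itself.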
Editor
This software category is maintained by volunteer editor jhand
Tags
free network analysis tools, network analysis, packet analyser, ip address, free port scanners, freeware
Comments
Thanks MidnightCowboy! I however am running a 64bit Windows 7 and RUBotted is 32bit only. IYHO what would be the most effective network analysis tool for a newbie to learn and use to identify possible botnets?
This is difficult because although my system is x64 capable I choose to run x32. The best one (BotHunter) is still only available for Linux so Wireshark would be favourite although none of these tools are newbie friendly.
You could also try Trend Micro HouseCall x64
http://housecall.trendmicro.com/
Before doing any of this though it's important to understand what botnets are and how they operate.
http://www.malwarehelp.org/is-your-pc-part-of-a-zombie-botnet-check-now-...
Hello! Would any of the software listed here be able to identify any kind of botnets?
If you mean are you possibly part of one? then yes, but you would need some experience to interpret the results. An easier option would be to install this one.
http://free.antivirus.com/rubotted/
List needs to be updated to remove the negative (incorrect) statement for nmap " Only scans one single IP address". Nmap is designed to scan large ranges of IP addresses efficiently and will accept many variations on how to specify hosts. Maybe the reviewer didn't realise that multiple hosts need to be separated by just a space.
Hi, I am presenting myself, Mathieu.
Great information, thanks.
Regards, Mathieu. ;)
Sorry, just a correction, NMAP always supported multiple IPs...
Great Post!
But did you try Capsa? A network analyzer quite like Wireshark, it's very powerful and just released the free version not long ago.
I keep losing the names of devices on my network, hence rendering the device unreachable from other devices. Is there a simple tool that can monitor a simple home network, with largely MS products, a wired/wireless router, an Internet radio and a NAS?
The idea would be to monitor online and display active devices by name, IP address and/or MAC address, and then ultimately find why certain names disappear whilst still being "pingable".
Thanks
Gert
hi!
We are using a 4mb DSL connection. There is internal wiring in the home so that we can connect 4-5 PCs at a time. But I'm having a problem: if anyone starts downloading and I ask him, "Are you downloading?", he says no, while on my end my Explorer cannot get any page because someone on the network has started downloading, and I can't trace who is using the maximum speed of the Internet connection by downloading something and snatching the whole speed of the connection...
Can I trace the person playing tricks with others?
How to use Wireshark to know the IP of a chatter?
http://majorgeeks.com/Sam_Spade_d594.html
Sam Spade is also a great network tool.
ping - nslookup - whois - IP block - dig - traceroute - finger - SMTP VRFY - web browser keep-alive - DNS zone transfer - SMTP relay check - Usenet cancel check - website download - website search - email header analysis - Email blacklist - query Abuse address
How about Microsoft NetMon for packet capture? It is much less "busy" than Wireshark.
Info Needed!
Is there any software that will show users on my home wireless network? I am wired but my router is both wireless and wired, we use both and I'd like to check if anyone is using our service. Also I'm accessing from a wired PC.
Thanks R.K.
Your router should have a log feature and show you what IP addresses are being handed out by the DHCP services.
You could use Angry IP on your wired computer and have it scan your DHCP range to see if any other machines are active on your network.
Doing something like this requires some understanding of networking.
I would advise just making sure that you use WPA or WPA2 encryption on your wireless network so that no one can use it without the passphrase.
-Jason
HARDWARE SCANNERS
It's quite difficult to see from this list what is the best Hardware Scanner.
I tried the free version of Network Probe 3.0.
Despite all the blurb, when you install it you can only monitor your own PC. Or am I missing something?
As of May 14th, 2009, Netscantools has released a "freeware" edition that is similar to their Netscantools PRO ("paid" version of) Netscantools.
Several network troubleshooting tools are built into the "basic" package, by default.
Link to free version.
http://www.netscantools.com/nstbasicmain.html
Does anything mentioned here capture local (127.0.0.1) traffic? Is there any freeware capable of doing this? CommView, for example, can capture local traffic, but it's commercial soft.
lloonn
Try NEWT professional. Can't say if it is the best, but is at least on par with Angry IP scanner and similar.
It is for home networks only, because the limit for the free version is 25 computers.
NEWT looks great, but XP users should know it doesn't support XP Home.
What about the network utilities by Nir Sofer?
http://www.nirsoft.net/
In general his website is packed with great stuff.
MikroTik The Dude network monitor homepage is
http://www.mikrotik.com/dude/
HOME NETWORK CHATTER
Hi. Quick question -
There has got to be some kind of well-written, easy-to-use freeware (or a few different programs that can be used to get different partial views of what I'm looking for) that can listen to the chatter on my home network and figure out:
** what-all devices are attached (even if the device is being stingy about letting others know it is on the network)
** determine which device(s) is/are the biggest chatterboxes
** tell which device is talking to which other device
- and why
- and what it's saying to the other device
- or what it wants from the other device
** put into layman's terms what all the traffic is
** be able to summarize the transmissions in addition to providing each transmission (and still putting each into layman's terms)
** be able to work on XP and Vista
My home network has SO MUCH CHATTER on it, it is ridiculous!
I have a cat5 network storage device and the ntwk light is blinking constantly and the drive light is also blinking as well, so there's something weird going on there.
I think my wireless printer is also talking up a storm as well.
I think all this BS chatter is slowing down the meaningful traffic and reducing the throughput.
Thanks for reading and thanks in advance for any help you can provide.
Check http://www.techsupportalert.com/content/re-router-network-protection-wit...
Get a good firewall and test it using Nmap.
Hi Guys,
I think you should also consider Advanced IP Scanner, Advanced LAN Scanner and Advanced Port Scanner from RADMIN.
http://www.radmin.com/products/utilities/index.php
Shakeel
Hello!
http://sourceforge.net/projects/packetyzer/
;-)
kimu
Here's a good one... Look@LAN. It seems more appropriate in the port scanner sub-cat, but has a lot more up its sleeve than that. It sure is worth evaluating.
http://www.lookatlan.com/
Isn't there a network scanner that works for dial-up? I guess you forgot to mention the free Microsoft Network Monitor, but that doesn't work for dial-up either.