About

A network sniffer records network data units (i.e. packets or messages).

The recording can be done by:

  • sniffing,
  • SNMP,
  • WMI,
  • proxy,
  • or local agents.

Usage

  • Packet analysis: after being captured, packets can be analyzed to gain insight.
  • Bandwidth measurement: measure the bandwidth used on individual machines and routers.

Type of data unit

Ethernet frame

Most capture applications are based on the libpcap library to capture Ethernet frames.

Npcap / Windows

Npcap is the Nmap Project's packet capture (and sending) library for Microsoft Windows. It implements the open Pcap API; it is only used with Nmap and Wireshark.

Npcap is a drop-in replacement for WinPcap in most applications.

WinPcap

WinPcap

Ethereal Wireshark

Wireshark is based on WinPcap: it uses this library to capture live network data on Windows.

Windump

WinDump is the Windows version of tcpdump.

Ngrep Linux

ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface and relies upon the pcap library and the GNU regex library.

Java Pcap

Netcap

netcap (XP and 2003 support tools)

NetMon

NmCap

nmcap is part of Netmon 3.x.

Packetyzer

Old, Wireshark-based. https://sourceforge.net/projects/packetyzer/

IP Packet

IP packet

Tcpdump

tcpdump is a command-line packet analyzer; libpcap is a portable C/C++ library for network traffic capture.

TCPMon

Deprecated.

Tcp Flow

Message

HTTP

HTTP sniffers are HTTP proxies that record the HTTP requests and responses as they pass through them.

List:

Microsoft Message Analyzer