About
A network sniffer records network data units (i.e. packets or messages).
The recording can be done by:
- sniffing,
- SNMP,
- WMI,
- a proxy,
- or local agents.
Usage
- Packet analysis: once packets have been captured, they can be analyzed to gain insight.
- Bandwidth measurement: measure the bandwidth used on individual machines and routers.
Type of data unit
Ethernet frame
Most capture applications rely on the libpcap library to capture Ethernet frames.
Npcap / Windows
Npcap is the Nmap Project's packet capture (and sending) library for Microsoft Windows. It implements the open Pcap API; it is only used with Nmap and Wireshark.
Npcap is a drop-in replacement for WinPcap in most applications.
WinPcap
Ethereal Wireshark
Wireshark is based on WinPcap: it uses this library to capture live network data on Windows.
Windump
WinDump is the Windows version of tcpdump.
Ngrep Linux
ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface and relies upon the pcap library and the GNU regex library.
Java Pcap
- A Java library for capturing, crafting, and sending packets. https://www.pcap4j.org/
Netcap
netcap (XP and 2003 support tools)
NetMon
NmCap
nmcap is part of Netmon 3.x.
Packetyzer
Old, Wireshark-based. https://sourceforge.net/projects/packetyzer/
IP Packet
Tcpdump
tcpdump is a command-line packet analyzer; libpcap is a portable C/C++ library for network traffic capture.
TCPMon
Deprecated.
Tcp Flow
Message
HTTP
HTTP sniffers are HTTP proxies that record HTTP requests and responses as they pass through.
List:
- Fiddler captures HTTP and HTTPS traffic
- https://www.charlesproxy.com/ - 50 bucks
- http://www.effetech.com/ - a few bucks