Winsock Programmer's FAQ
Section 5.4: Debugging Tools

Please see the FAQ item "Are there any tools available for debugging Winsock programs?" for more information on sniffers and shims.

Ratings: Packages are rated on a simple 5-point system. Features and usability are rated on the following scale:

  5 points: This is a wonderful product and you should waste no time getting it, if price permits.
  4 points: Nearly perfect. Its features are competitive with others in its price class.
  3 points: Adequate. This product may be mildly buggy, but it's tolerable. It does what the manual says it will, and it's reasonably usable.
  2 points: Yick! This product is buggy, weak, and/or hard to use. Use only if there's no other choice.
  1 point: This product is unusable. Stay away.

I've ranked these products from a network developer's perspective. Many of these products are actually targeted towards network administrators, so their focus is a bit off of what the developer needs. So, "alert via pager" features won't help a product's ratings, but available source code and a protocol dissector API will.

Price also matters. A program with features comparable to higher-priced programs gets one extra point. So, a cheap program given 3 points on its own merits would get an extra point if its features were comparable to a more expensive product.

Ratings do not take the platform into account. I do not know what systems you are comfortable with, or what you have available to you for debugging machines. So, I leave it to you to weight my ratings against your platform preferences. (Any apparent bias against the Unix and DOS text UI programs is due to inherent usability issues.)

If the "Date tried" field is "Long, long ago", the review is probably sadly outdated. I don't have any information on when I last tried the product in question.

Network Sniffers:
    Package: Wireshark
    Author: Many people!
    Platform(s): Unix, Win32
    User interface: GUI
    Licensing: GPL
    Commentary: Wireshark (née Ethereal) is probably the most popular sniffer in the world now, because it is both open source and usable. It has all the base features you'd expect in a sniffer. Although it lacks some of the features of the commercial sniffers aimed at network management folk, it is strong in other ways. For example it's a single click to turn a series of raw packets into a view showing the TCP conversation in logical order.

    Wireshark understands a great many protocols, allows for user-written protocol dissectors, can read capture files written by many other sniffer programs, and comes with source code. It's also portable to virtually all Unixen and to Windows. The latter is not an afterthought: Windows installers are built for every release, soon after the initial source code release.

    A truly killer feature is that you can use it to remotely debug network problems: you can dial or ssh into any random Unix box at a remote customer site, upload a copy of the command line version of Wireshark (called 'tshark'), capture some network traffic to a file, then download it and look at it with Wireshark. I've used this feature a time or two, and it sure beats trying to use a GUI program over a slow remote link!
    Date tried: March 2006
    Version evaluated: 0.10.14
    Rating: *

    Package: WinPCap and WinDump
    Author: Loris Degioanni, Paolo Politano, Fulvio Risso, and Piero Viano
    Platform(s): Win32
    User interface: Text interface
    Licensing: Freeware
    Commentary: This is a port of the libpcap and tcpdump suite from Unix to Windows. They also have a GUI packet capture program called Analyzer, but the project seems to be abandoned, no doubt due to the popularity of Ethereal.

    WinPCap is the best way to get low-level network access in your own programs, if you don't want to spend any money. Buying one of PCAUSA's kits may be a better choice if your time isn't free, though.
    Date tried: March 2006
    Version evaluated: 3.1
    Rating: *

    Package: EtherPeek
    Vendor: WildPackets
    Platform(s): Win32
    User interface: GUI
    Price: $895
    Licensing: Commercial
    Commentary: I played with the demo, and found that I liked other Windows capture programs a bit better.
    Date tried: Long, long ago
    Version evaluated: unknown
    Rating: *

    Package: The Gobbler
    Author: Tirza van Rijn, University of Delft, The Netherlands
    Platform(s): DOS
    User interface: Text graphics
    Licensing: Freeware
    Date tried: Long, long ago
    Version evaluated: 2.1
    Rating: *

    Package: Observer
    Vendor: Network Instruments
    Platform(s): Win32
    User interface: GUI
    Price: $995
    Licensing: Commercial
    Commentary: Observer is one of the "big boys" of network monitoring tools. However, between my initial passing review and a few reviews I've read in magazines, this package does not look as though it will dethrone the more popular packages any time soon.
    Date tried: Long, long ago
    Version evaluated: unknown
    Rating: *

    Package: PacketView
    Vendor: Klos Technologies
    Platform(s): Win32 and DOS
    User interface: Text graphics (DOS); Windows version untested
    Price: $1349 for Windows, $299 for DOS
    Licensing: Commercial
    Date tried: Long, long ago
    Version evaluated: unknown
    Rating: *

Winsock Shims:
    Package: TracePlus/Winsock
    Vendor: Systems Software Technology, Inc.
    Platform(s): Win32
    User interface: GUI
    Price: $200
    Licensing: Commercial
    Date tried: Never
    Version evaluated: unknown

    Package: SocktSpy
    Vendor: WinTECH
    Platform(s): Win32 and Win16
    User interface: GUI
    Price: $60
    Licensing: Commercial
    Date tried: Never
    Version evaluated: unknown

Miscellaneous Debugging Tools:
    Package: Atelier Web Security Port Scanner
    Author: José Páscoa
    Platform(s): Win32
    User interface: GUI
    Price: $34 and up, depending on support
    Licensing: Shareware
    Date tried: 7/1/2000
    Version evaluated: 3.02
    Rating: *

    Package: Vision
    Vendor: Foundstone
    Platform(s): Windows NT 4.0+ (i.e. not for Win9x kernels)
    User interface: GUI
    Price: Freeware
    Licensing: Freeware
    Date tried: Never
    Version evaluated: 1.0

    Package: Inzider
    Author: Arne Vidstrom
    Platform(s): Win32
    User interface: Sorta GUI (an edit control, basically :) )
    Licensing: Freeware
    Date tried: 6/28/2000
    Version evaluated: 1.2
    Rating: *


Updated Thu Feb 08 2007 00:46 MST