Please see the FAQ item "Are there any
tools available for debugging Winsock programs?" for more information
on sniffers and shims.
Ratings: Packages are rated on a simple 5-point system. Features
and usability are rated on the following scale:
| 5 points | This is a wonderful product and you should waste no time getting it, if price permits. |
| 4 points | Nearly perfect. Its features are competitive with others in its price class. |
| 3 points | Adequate. This product may be mildly buggy, but it's tolerable. It does what the manual says it will, and it's reasonably usable. |
| 2 points | Yick! This product is buggy, weak, and/or hard to use. Use only if there's no other choice. |
| 1 point | This product is unusable. Stay away. |
I've ranked these products from a network developer's perspective.
Many of these products are actually targeted towards network
administrators, so their focus is a bit off of what the developer needs.
So, "alert via pager" features won't help a product's ratings, but
available source code and a protocol dissector API will.
Price also matters. A program with features comparable to higher-priced
programs gets one extra point. So, a cheap program given 3 points on its
own merits would get an extra point if its features were comparable to
a more expensive product.
Ratings do not take the platform into account. I do not know what
systems you are comfortable with, or what you have available to you for
debugging machines. So, I leave it to you to weight my ratings against
your platform preferences. (Any apparent bias against the Unix and DOS
text UI programs is due to inherent usability issues.)
If the "Date tried" field is "Long, long ago", the review is probably
sadly outdated. I don't have any information on when I last tried the
product in question.
Network Sniffers:
| Package: |
Wireshark |
| Author: |
Many people! |
| Platform(s): |
Unix, Win32 |
| User interface: |
GUI |
| Licensing: |
GPL |
| Commentary: |
Wireshark (née Ethereal) is probably the most popular sniffer
in the world now, because it is both open source and usable. It has
all the base features you'd expect in a sniffer. Although it lacks
some of the features of the commercial sniffers aimed at network
management folk, it is strong in other ways. For example, it's a
single click to turn a series of raw packets into a view showing
the TCP conversation in logical order.
Wireshark understands a great many protocols, allows for user-written
protocol dissectors, can read capture files written by many other
sniffer programs, and comes with source code. It's also portable
to virtually all Unixen and to Windows. The latter is not an
afterthought: Windows installers are built for every release, soon
after the initial source code release.
A truly killer feature is that you can use it to remotely debug
network problems: you can dial or ssh into any random Unix box
at a remote customer site, upload a copy of the command line version
of Wireshark (called 'tshark'), capture some network traffic to a
file, then download it and look at it with Wireshark. I've used
this feature a time or two, and it sure beats trying to use a GUI
program over a slow remote link!
|
| Date tried: |
March 2006 |
| Version evaluated: |
0.10.14 |
| Rating: |
 |
| Package: |
WinPcap and WinDump |
| Author: |
Loris Degioanni, Paolo Politano, Fulvio Risso, and Piero Viano |
| Platform(s): |
Win32 |
| User interface: |
Text interface |
| Licensing: |
Freeware |
| Commentary: |
This is a port of the libpcap and
tcpdump suite from Unix to Windows. They also have a GUI packet
capture program called Analyzer,
but the project seems to be abandoned, no doubt due to the popularity
of Ethereal.
WinPcap is the best way to get low-level network access in your own
programs, if you don't want to spend any money. Buying one of PCAUSA's kits may be a better choice
if your time isn't free, though.
|
| Date tried: |
March 2006 |
| Version evaluated: |
3.1 |
| Rating: |
 |
| Package: |
EtherPeek |
| Vendor: |
WildPackets |
| Platform(s): |
Win32 |
| User interface: |
GUI |
| Price: |
$895 |
| Licensing: |
Commercial |
| Commentary: |
I played with the demo, and found that I liked other Windows capture
programs a bit better.
|
| Date tried: |
Long, long ago |
| Version evaluated: |
unknown |
| Rating: |
 |
| Package: |
The Gobbler |
| Author: |
Tirza van Rijn, University of Delft, The Netherlands |
| Platform(s): |
DOS |
| User interface: |
Text graphics |
| Licensing: |
Freeware |
| Date tried: |
Long, long ago |
| Version evaluated: |
2.1 |
| Rating: |
 |
| Package: |
Observer |
| Vendor: |
Network Instruments |
| Platform(s): |
Win32 |
| User interface: |
GUI |
| Price: |
$995 |
| Licensing: |
Commercial |
| Commentary: |
Observer is one of the "big boys" of network monitoring tools. However,
between my initial passing review and a few reviews I've read in
magazines, this package does not look as though it will dethrone the
more popular packages any time soon.
|
| Date tried: |
Long, long ago |
| Version evaluated: |
unknown |
| Rating: |
 |
| Package: |
PacketView |
| Vendor: |
Klos Technologies |
| Platform(s): |
Win32 and DOS |
| User interface: |
Text graphics (DOS); Windows version untested |
| Price: |
$1349 for Windows, $299 for DOS |
| Licensing: |
Commercial |
| Date tried: |
Long, long ago |
| Version evaluated: |
unknown |
| Rating: |
 |
Winsock Shims:
| Package: |
TracePlus/Winsock |
| Vendor: |
Systems Software Technology, Inc. |
| Platform(s): |
Win32 |
| User interface: |
GUI |
| Price: |
$200 |
| Licensing: |
Commercial |
| Date tried: |
Never |
| Version evaluated: |
unknown |
| Package: |
SocktSpy |
| Vendor: |
WinTECH |
| Platform(s): |
Win32 and Win16 |
| User interface: |
GUI |
| Price: |
$60 |
| Licensing: |
Commercial |
| Date tried: |
Never |
| Version evaluated: |
unknown |
Miscellaneous Debugging Tools:
| Package: |
Atelier Web Security Port Scanner |
| Author: |
José Páscoa |
| Platform(s): |
Win32 |
| User interface: |
GUI |
| Price: |
$34 and up, depending on support |
| Licensing: |
Shareware |
| Date tried: |
7/1/2000 |
| Version evaluated: |
3.02 |
| Rating: |
 |
| Package: |
Vision |
| Vendor: |
Foundstone |
| Platform(s): |
Windows NT 4.0+ (i.e. not for Win9x kernels) |
| User interface: |
GUI |
| Price: |
Freeware |
| Licensing: |
Freeware |
| Date tried: |
Never |
| Version evaluated: |
1.0 |
| Package: |
Inzider |
| Author: |
Arne Vidstrom |
| Platform(s): |
Win32 |
| User interface: |
Sorta GUI (an edit control, basically :) ) |
| Licensing: |
Freeware |
| Date tried: |
6/28/2000 |
| Version evaluated: |
1.2 |
| Rating: |
 |