Anyone know of any promiscuous sniffers available for Windows? I know there are a bunch for *NIX but not for Windows.
thanks
I use Ethereal for Windows or WinDump. Be sure that you have WinPcap installed before you try to install these guys, as it is a requirement for these sniffers.
You can get them from these places:
Ethereal - http://www.ethereal.com/download.html
Windump - http://windump.polito.it/
WinPcap - http://winpcap.polito.it/install/default.htm#Developer
--TH13
You could also try eEye Digital's Iris. It is free to try, fifteen days I believe. But depending on your abilities and/or laziness, this tool rebuilds anything captured. Cuts out the guesswork.
Iris network sniffer
If you aren't interested in purchasing a program, then may I reinforce thehorse13's suggestions. They are very good suggestions, you know.
Be safe and stay free
I'm giving my full endorsement on ethereal... it's been my sniffer of choice for some time now... very good and very free :)
thehorse13,
After you download everything for Ethereal, how do I put it all together? I was wondering before I start downloading the different things like WinPcap, and so on. I wouldn't mind having a good sniffer for my XP.
Thanks, Freddy
WinPcap goes on first then you can install any of the aforementioned sniffers.
:)
--TH13
I did notice that Ethereal says you need the 'developer's pack' too. Also, which WinPcap should I get? There is one that installs itself, 'WinPcap auto-installer (driver +DLLs)', or just WinPcap?
Freddy
just winpcap would be ok :)
This is what I got from the site: "On Windows, you will need to install not only the regular WinPcap library, but also the "developer's pack", in order to compile Ethereal. As of Ethereal 0.9.5, you must install WinPcap 2.3 or later, and the corresponding version of the developer's pack, in order to be able to compile Ethereal; it will not compile with older versions of the developer's pack. (The installed version of the developer's pack should be the same version as the version of WinPcap you have installed.)" So then you're saying I don't need the developer's pack?
Freddy
Download WinPcap 3.0 and install it.
Download Ethereal 0.9.14 and install it.
You're done.
:)
The developer's pack isn't necessary as there is a pre-compiled binary version available.
If you just want a sniffer to fool around with (Ethereal is dead serious), try PacketMon from AnalogX.
don't forget about ettercap for sniffing on switched networks, they have a windows version.
I know I'm not the one who started this thread, but what is the difference between the two, ethereal and packetmon? And yes I would just be learning it for the time being. Thanks
Freddy
Ethereal gives much more detailed information, breaking the entire packet down into its relevant fields (flags, protocol, etc.) for in-depth analysis, and has many advanced features. If you're looking to optimize a network, this is the tool.
screen shots:
http://www.ethereal.com/introduction.html#screens
packetmon is bare bones showing you the contents of the packet in ascii or binary.
screen shot:
http://www.analogx.com/contents/down...twork/pmon.htm
they both have advanced filtering. They both can output to a file in csv format. They're both free.
Most of the time when I use a packet sniffer I'm interested in the ASCII content and don't need all the related info.
If you're looking for a really robust one and cost is not an issue (that is, if maybe you're
"spec'ing" one out for a client or your company) then NAI's (Network Associates)
SnifferPro is the industry's choice. It's not cheap though..Unless you pick up a copy from eBay..
A little history on SnifferPro..
A few yrs back, Network General was the dominant vendor when it came to protocol analyzers.
They had a product called Network General Sniffer/ DOS based..The software back then ran for about 30,000 and each NIC you installed was proprietary and cost about 5-10k...
(yea I know ridiculously expensive) but it was every major financial company's choice...
I remember carrying one in subways of NY city fully loaded with every NIC (about 100K worth)
Later on a company called (not sure of spelling) Cinconet had a really nice GUI product
called NetXray..It was a nice GUI interface but not as robust as Network General Dueltsch Sniffer..
Then NAI bought the two products and created SnifferPro..(It's an awesome tool)
Also it's not as expensive as the DOS version was..and NIC cards are no longer
proprietary...
Just a personal opinion..
P.S.
Ethereal is what I recommend if you're looking for a free product....
Analog X is a great little sniffer. I can't believe I forgot to mention it. Thanks Tedob1 for throwing that link up. :) I tried to reward you but the good ol' AP system won't have it.
I agree that SnifferPro is the bomb. I love the dashboard display but the only problem is the price tag. I had a copy at my last job and even then it was 27K for one license.
--TH13
27k for a license, it better give you a bj every morning for that price *off I go to figure out what makes the proggy worth so very much*