
Tools to Analyze your Network Traffic

Continued from page: 3

Tuesday, May 15, 2007

Observer
Observer can run on wired as well as wireless networks. It provides an instant view of captured packets and can also present them in a human-readable format, in an interface quite similar to Ethereal's. Observer provides information such as network summary, bandwidth utilization, access point load monitor and VLAN analysis in real time. Its filters are effective and make the network easier to analyze by showing only the data that is relevant to the user. When Observer finds an error or warning, such as an attack or a problem in the network, it can alert the user by sending e-mails and pager messages. A feature called Traffic Generation lets it stress test your network by generating heavy traffic. It also provides VLAN analysis, Internet Observer analysis, Router Observer, etc. Network trending and detailed reporting help you keep an eye on the overall health of your network.

Under the channel option you can check the stats of each and every channel

Wired Protocol Analyzers: Packetyzer
Packetyzer is another network protocol analyzer based on the Ethereal project, and is sometimes referred to as a packet sniffer. It includes the open source Ethereal packet capture and dissection library. It decodes various protocols, including those for wireless LAN, virtual LAN and 802.1x. Its packet filtering is very powerful and can be used to filter and search for specific packets: it is possible to filter on addresses (both MAC and IP), by protocol, by port number, etc., and complex filters can be built up by combining these elements. It captures packets from the network and can provide live, detailed information about them. It is configurable, can capture sessions as needed, and lets you examine the captured protocols with ease. An interesting feature of Packetyzer is its import/export flexibility, which allows it to open packets from a large number of other capture programs and to save captured packets in the formats of a large number of other capture programs. With RFprotect Mobile, Packetyzer can sniff 802.11 traffic and capture 802.11 packets in promiscuous mode, including control and management frames. It's a very effective tool for network professionals for troubleshooting, analysis and protocol development, and for handling security threats better.

WiFi: Commview
Commview is a wireless network monitor and analyzer for 802.11 a/b/g networks. It captures packets on-the-fly and provides critical information such as a list of access points and stations, per-node and per-channel statistics, signal strengths, a protocol distribution chart, etc. All of this information helps a network administrator to find network problems, view and examine packets, and troubleshoot software and hardware.

Packets can be decrypted utilizing user-defined WEP or WPA-PSK keys. A convenient tree-like structure displays the protocol layers and packet headers, which helps to determine the details of a packet. One can view details of IP connections such as IP addresses, ports, sessions, etc. It provides you with an option to reconstruct a TCP session. You can configure alarms that notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, rogue access points, etc. You can browse captured and decoded packets in real time. A log of individual or all packets can be maintained in a file. One can also monitor the bandwidth utilization and search for a specific string or hex data in captured packets. There is also an option to view a protocol pie chart.

Overall, this is a very effective tool for IT administrators for monitoring wireless networks.

CommView for WiFi
When you start capturing packets, it first scans for the available access points (APs) within range. From the detected APs, select the one on which you want to capture packets, and press Capture at the bottom. You can see the required statistics on the main console. To see live details in graphical format from the nodes window, select the AP and then select 'More statistics'. You can also see information about packets, protocols, hosts, and the matrix by MAC and IP addresses, and generate a report.

To see the packet details, go to the Packets tab, which shows all captured packets. Click on individual packets to see information ranging from header to protocol to errors, data transfer rate to data length, etc. To reconstruct a TCP stream of selected packets, go to Tools and select 'Reconstruct TCP packets'. A new window will appear where you can see the reconstructed TCP stream. Look at the latest IP connection established and you can easily figure out where the destination IP is hosted: the destination entry shows not only the IP address of the destination but also a small flag of the country that hosts the IP. And, if you are looking for a specific IP address or MAC address, you can find it easily with the 'Find packet' option.

WiFi: Kismet
Kismet is a wireless network detector, sniffer and intrusion detection system. It works with any wireless card that supports raw monitoring mode (rfmon) and can sniff 802.11a/b/g traffic. It identifies networks by passively collecting packets and detecting standard named networks. It can also detect hidden networks and infer the presence of non-beaconing networks from data traffic. One of the key features of Kismet is Ethereal/Tcpdump-compatible data logging. It also has built-in channel hopping and multi-card split channel hopping. The client/server architecture allows multiple clients to view a single server simultaneously. It also has support for distributed remote drone sniffing. For known networks, it can do runtime decoding of WEP packets. It can multiplex multiple simultaneous capture sources on a single Kismet instance. Graphical mapping of networks is also available.
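The passive classification described above (named, hidden and non-beaconing networks) can be sketched as follows. This is an added example, not Kismet's code: the function names are hypothetical, the frames are assumed to be raw 802.11 without a radiotap header or FCS, and the sample frames are constructed.

```python
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse(frame):
    """Return (kind, bssid, ssid) for a raw 802.11 frame, or None if not of interest."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 3, frame[0] >> 4
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 and subtype == 8:             # beacon: BSSID is address 3
        pos, ssid = 36, b""                     # 24-byte header + 12 fixed bytes
        while pos + 2 <= len(frame):            # walk the tagged parameters
            tag, ln = frame[pos], frame[pos + 1]
            if tag == 0:                        # tag 0 carries the SSID
                ssid = frame[pos + 2:pos + 2 + ln]
                break
            pos += 2 + ln
        return "beacon", mac(a3), ssid.strip(b"\x00").decode("utf-8", "replace")
    if ftype == 2 and not (to_ds and from_ds):  # data frame; skip 4-address WDS
        return "data", mac(a1 if to_ds else a2 if from_ds else a3), ""
    return None

def inventory(frames):
    """Group frames by BSSID and label each network from what was observed."""
    nets = {}
    for kind, bssid, ssid in filter(None, map(parse, frames)):
        n = nets.setdefault(bssid, {"ssid": "", "beacon": 0, "data": 0})
        n[kind] += 1
        n["ssid"] = n["ssid"] or ssid
    for n in nets.values():
        n["status"] = ("named" if n["ssid"] else
                       "hidden SSID" if n["beacon"] else "non-beaconing")
    return nets

# Constructed sample frames (locally administered MAC addresses, not real captures).
def hdr(fc0, flags, a1, a2, a3):
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

AP1, AP2, AP3 = (bytes.fromhex("02000000000" + c) for c in "123")
STA, BCAST = bytes.fromhex("020000000099"), b"\xff" * 6
FIXED = b"\x00" * 12                            # timestamp, interval, capabilities
FRAMES = [
    hdr(0x80, 0, BCAST, AP1, AP1) + FIXED + b"\x00\x06office" + b"\x01\x01\x82",
    hdr(0x80, 0, BCAST, AP2, AP2) + FIXED + b"\x00\x00",  # zero-length SSID
    hdr(0x08, 0x01, AP3, STA, BCAST),           # station to AP3 (ToDS), no beacon seen
    hdr(0x08, 0x02, STA, AP1, BCAST),           # AP1 to station (FromDS)
]
```

Comparing the resulting inventory against a list of authorized BSSIDs is one way to surface the unknown or rogue access points that the alarms mentioned earlier are meant to catch.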

Under streams option HTTP Analyzer shows the amount of data sent on the left and data received on right window

HTTP traffic: HTTP analyzer
HTTP analyzer is a sniffer that monitors and inspects HTTP/HTTPS traffic in real time. It can trace and examine a range of information, from headers, content, cookies, query strings, post data and request/response streams to redirection URLs. Along with several filtering options, it provides cache information and session clearing as well as HTTP status code information. You can even handcraft an HTTP/HTTPS request. Using the drag-and-drop option, you can move an existing request from the Session grid to the Request builder to execute it again.

The HTTP analyzer automation library is packaged as COM components and can be fully controlled by using OLE automation. It displays Winsock traffic originating from Java applets and JavaScript embedded in Web pages, and also displays Winsock traffic originating from ActiveX controls and COM objects instanced by an application. It also allows viewing and editing of binary files in hexadecimal and textual format using the Hex viewer. One can selectively clear cache and cookies.

HTTP Traffic Analysis
The HTTP protocol analyzer starts capturing packets as soon as any HTTP data flow occurs. It shows you the details of all these packets in real time. To do this, select the processes and packets whose details you want to view. The header details of the packet are visible at the bottom. To view the content present in the packet, select the Content option. If the content is an image, you will see it as an image.

To view the data streams received from and sent to the data server, select the Streams tab. Here, on the left side of the window, you can see the contents of the request stream, and on the right side you can view the response stream. You can also view the HTTP status code definition for every successful stream by going to the Status code definition option.
