A network sniffer, or packet sniffer, is specialized software (or even a hardware device) that listens on a network and records the IP packets that travel through it.
Many network administrators use these tools to assess the efficiency of a network, troubleshoot communication problems, identify common network bottlenecks, etc.
Of course, attackers can also use network sniffing tools to collect personal data such as passwords from a network. That's why network traffic should be encrypted wherever possible.
As a network and security engineer I have been using network sniffing tools for decades. The easiest way to collect network traffic with a sniffing tool is to connect your computer (which has the sniffer software installed) to a SPAN port of a switch, which copies all traffic passing through the switch to that SPAN port.
The sniffing software listens on the computer's network interface card and collects all traffic that passes through that interface for analysis. This is only one way of capturing network traffic; there are more options, as we'll see below.
In this article I have researched some popular (both free and commercial) IP network sniffing tools and present them below with a brief description of each one.
The ranking below is in no particular order:
1) Wireshark – FREE
As one of the world's most used network sniffing and analysis tools, Wireshark has a wealth of features that are continually extended by a community of volunteers.
This free tool is usually the de-facto first option for network and system engineers for capturing and analyzing network packets.
Wireshark is available on various platforms, including Windows, Mac, Linux, FreeBSD, Solaris, and others. It can also decode hundreds of network protocols, and it does all of this in real time over a variety of network types, including Ethernet, PPP, Bluetooth, FDDI, etc.
The project's website offers a wealth of tutorials and documentation on top of all this, and the developers even run regular training on how to use the software.
This makes it relatively easy to get up to speed on not just how to use the tool, but also how it can help network administrators and other IT professionals improve the speed and efficiency of their networks.
Personally I use Wireshark extensively in my work environment to either troubleshoot problems or inspect traffic for security purposes.
There is a learning curve in discovering the various filters you need to apply in order to search within packets and display only the ones you want. Once you learn them, the tool is very powerful and flexible.
2) PRTG IP Sniffer – PAID
PRTG by Paessler is a popular and powerful network monitoring tool which does much more than IP sniffing.
PRTG’s approach to network monitoring is based on sensors. You can set up sensors across an entire network that measure the values of different things such as CPU load, disk space, bandwidth and so on.
Once you set them up, they can all be monitored from a central dashboard. In this sense, the sensors act like little network alarms that will alert the network administrator to a network problem.
There's a lot to like about this approach, and the first 100 sensors are free to use for 30 days, after which the software reverts to a free version with limitations. The unique sensor-based approach that PRTG takes makes it an interesting choice.
The IP sniffing functionality of PRTG is just another sensor, like all the others they offer.
The Packet Sniffer sensor uses a built-in packet sniffer to monitor the headers of data packets passing through the network card. Only packet headers are captured.
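The password-exposure risk mentioned in the introduction and the header-only capture just described can be illustrated with a small decoder. This is an added example, not code from the page or from any of the vendors it covers: it parses an Ethernet/IPv4/TCP frame the way a sniffer sees it on the NIC, honours a capture length (snaplen) so that a header-only capture never exposes payload, and flags cleartext credential markers that should prompt a defender to enforce encryption on that service. The sample frame, addresses and markers are constructed test data.

```python
import struct

ETH_HDR = 14
IPV4_HDR_MIN = 20
TCP_HDR_MIN = 20
# Constructed markers of credentials sent in the clear (HTTP Basic auth, FTP login)
CLEARTEXT_CRED_MARKERS = (b"Authorization: Basic ", b"PASS ")


def decode_tcp_frame(frame: bytes, snaplen: int = 65535):
    """Decode an Ethernet/IPv4/TCP frame as captured from a network card.
    Only the first `snaplen` bytes are examined, mirroring the capture length a
    sniffer records: a small snaplen keeps headers and drops the payload.
    Returns a dict with the 5-tuple and captured payload, or None if not IPv4/TCP."""
    data = frame[:snaplen]
    if len(data) < ETH_HDR + IPV4_HDR_MIN:
        return None
    ethertype = struct.unpack("!H", data[12:14])[0]
    if ethertype != 0x0800:                      # not IPv4
        return None
    ip = data[ETH_HDR:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if proto != 6 or len(ip) < ihl + TCP_HDR_MIN:  # not TCP, or header truncated
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                    # TCP header length in bytes
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "payload": tcp[doff:]}


def cleartext_credentials(frame: bytes, snaplen: int = 65535) -> bool:
    """True if the captured part of the payload carries a credential marker."""
    pkt = decode_tcp_frame(frame, snaplen)
    return bool(pkt) and any(m in pkt["payload"] for m in CLEARTEXT_CRED_MARKERS)


def build_frame(payload: bytes) -> bytes:
    """Construct a sample Ethernet/IPv4/TCP frame (test data, not a real capture)."""
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_MIN + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80])) + tcp
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip     # locally administered MACs


# Constructed HTTP request carrying Basic auth (base64 of "user:pass")
SAMPLE = build_frame(b"GET / HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n")
```

With the full frame the credential marker is detected; with a header-only snaplen of 96 bytes the same frame yields only the 5-tuple and no finding, which is the trade-off behind a headers-only sensor.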
3) Solarwinds Deep Packet Inspection – PAID
Solarwinds is another big player in the network management and monitoring arena. It develops tools for all sorts of management, monitoring and analysis tasks across IT infrastructure.
If you want to see where your data bottlenecks are located across a sophisticated network, the Solarwinds Deep Packet Inspection tool offers some unique insights.
By presenting all information in an easy-to-read graphical front end, Solarwinds is ideal for those who need to know everything about their network and how it performs under load.
Out of the box, Solarwinds has support for analyzing the network traffic of 1200 applications, including Skype, SQL Server, social media traffic, web traffic and many more.
The Deep Packet Inspection (DPI) tool classifies traffic into categories. A business can use this classification to identify traffic that is not business-related (e.g. excessive social media traffic) in order to apply rate limiting, traffic blocking, etc.
4) Tcpdump – FREE
If you're more accustomed to command-line applications and need something fast and powerful, Tcpdump is one of the best choices available for packet sniffing and analysis in the Unix world.
This software is ideal for Linux-based machines and gives you the ability to capture packets going in and out of the host's network card, presenting the results in printed text format for easy reading and analysis.
As with many command-line applications, most features are controlled with flags. Tcpdump is very powerful and flexible but is geared more towards system admins with some Linux knowledge.
5) WinDump – FREE
WinDump is the Windows version of the above-mentioned tcpdump. It also presents information in a command-line interface and is compatible with tcpdump.
Just like tcpdump, WinDump is free and is made for those who like a simple but powerful command-line-driven experience for deep packet troubleshooting on a host.
It is based on the free WinPcap, a driver for capturing packets from the host's network interface.
6) ManageEngine NetFlow Analyzer – PAID
This real-time network analysis tool uses an attractive graphical interface to display traffic data over a network.
It is based on packet flow technologies and supports Cisco's NetFlow, Juniper's J-Flow, sFlow, IPFIX, AppFlow and NetStream.
Using the above flow technologies, this software is ideal for people who want to visualize everything in real time and drill down into the details to identify any potential network issues.
It supports major hardware vendors such as Cisco and HP, and can display data from all supported hardware devices that export flow data.
This is an easy way to see where there might be network problems. Color-coded pie charts and summarized information on a single screen make this a wise choice for professional network administrators.
The ManageEngine tool works as a collector, receiving flow traffic from network devices such as routers, switches, etc. and any other device that can export flow data. This allows it to monitor bandwidth usage, application usage, security events, etc.
7) EtherApe – FREE
This may not be the most complex or complete tool available, but for those who rely on Unix, this GTK3-based network monitor can get the job done.
It uses an easy-to-decipher color-coded display for visualizing network and packet data, and RPM packages have been built for Arch Linux, Fedora, OpenSUSE and Mageia 6.
The use of the GTK3 graphical libraries makes this an attractive native Linux experience on several distributions.
The display of network data is heavily graphical and intuitive in design, with more active nodes appearing large on the screen.
This makes an otherwise arcane tool rather easy to use and interpret, even for those with intermediate knowledge of networks.
8) LiveAction Omnipeek – PAID
Though not free, this network analyzer offers professionals a powerful and intuitive way to view network congestion, identify problems, and focus on solving Wi-Fi speed issues among others.
Many network tools have a distinct focus on traditional wired networks, but Omnipeek provides a sophisticated way to visualize the data flow within wireless networks as well. This makes it thoroughly up to the job in the modern world, where wireless networks are very common.
Moreover, it helps admins troubleshoot and monitor voice and video traffic and end-user devices, and it can decode over 1000 protocols.
The solution also offers an appliance option (LiveCapture) used to distribute collection and network monitoring to remote sites and branches.
9) Netresec NetworkMiner – FREE or PAID
Coming in both a free and a professional paid version, Netresec NetworkMiner is an open-source software tool that features a passive mode of operation.
Operating in this mode ensures that no extra load is placed on the network, while NetworkMiner goes to work capturing packet data and identifying hostname and operating system information.
The featured passive mode makes it an ideal tool for large networks, especially the professional edition, which features many more functions, including exportable reports and OS fingerprinting.
10) Steelcentral Packet Analyzer – PAID
An attractive and intuitive interface is one of the characteristics of this tool.
This makes it quite easy to diagnose problems and bottlenecks across a network, and the included preset analysis views make it even easier to use.
By applying one of these preset views, it's possible to see a wide range of problems presented in an attractive, human-readable way.
Steelcentral Packet Analyzer makes it a cinch to diagnose issues on large networks in a business environment. It has been designed from the ground up to collect information and present it in a way that speeds up the work of network administrators.
11) Capsa – PAID
Though not inexpensive, Capsa offers numerous features that set it above many other network analysis tools. It is aimed at enterprise environments and operates on a very large scale, delivering information in an easy-to-read window and dashboard view.
Capsa is extensive and supports over 1800 network protocols. It's possible to monitor networks 24/7, capture information from multiple networks in real time, and capture instant messaging and email traffic so that network administrators are aware of any policy breaches in a business environment.
Network sniffing and analysis tools cover a wide range of functions and needs, and are available in free and paid versions.
The simplest will certainly do the job of capturing data over a network, but for large corporate environments and sophisticated networks, the paid professional offerings are a better option.