Thoughts On Wireshark or Alternatives?

Discussion in 'other software & services' started by DasFox, May 10, 2011.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I've been looking over Wireshark, seems like a nice application, but I'm not a networking guru that needs all the ins and outs of every little detail either, so it personally seems a bit overkill for the average end-user wanting to check out their LAN.

    Does anyone know any nice, simpler apps? Personally I just want to see the traffic is all and to be able to distinguish it, kind of nice how you can look at the different protocols in Wireshark...


    THANKS
     
  2. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    I use CurrPorts and TCPView. Microsoft Network Monitor is another alternative.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've never been lucky to find a decent one to provide detailed packet info that would support USB 3G devices.

    Are you familiar with any o_O :doubt:
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Ok, got more than I hoped for, LOL...

    Now to weed through the confusion, which would be the simplest and best of the bunch for protocol analysis on ethernet and wifi?

    Isn't Wireshark more than CurrPorts and TCPView, showing what's going on with the protocols, like DNS and HTTP as an example when you are online?

    By the way Capsa is just for ethernet no wifi :(

    http://www.colasoft.com/capsa/capsa-free-edition.php
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Well I use either or both CurrPorts and TCPView with my USB 3G device :thumb: With or without my FW, as shown in my FW thread ;)
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I use them both as well. I actually tend to use TCPView more often... But, in the recent events, regarding a relative's infected system, I used CurrPorts which provided a more detailed view of certain connections.

    But, it would be great to have something like Wireshark... I wonder if there's a difficulty in providing such support? I guess there is, to an extent... or they just don't feel it's worth it, anyway... as most networks wouldn't be behind such type of connection.
     
  8. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    FW thread?



    Providing what support?

    So CurrPorts and TCPView pretty much do what Wireshark does?


    THANKS
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    CloneRanger is talking about the thread here at other firewalls https://www.wilderssecurity.com/showthread.php?&t=298698

    CurrPorts and TCPView are not as powerful as Wireshark/similar, hence I'd like to see those kinds of tools (like Wireshark) to monitor network traffic behind a 3G USB connection.
    Unfortunately, I couldn't find anything so far.
     
  10. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Well for starters why are you bothering with using a Mobile Cellphone carrier connection? I'm assuming this is on a laptop?

    I don't see what's so special about 3G that you are saying you can't use just about any program out there...

    Wireshark isn't working?

    Also if you are really concerned about your security and safety on a computer you shouldn't always be running wireless unless you are on the road...
     
  11. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I certainly don't see CurrPorts and TCPView as substitutes for Wireshark - maybe for each other? They are valuable in providing a moving snapshot of your network connections as seen by your computer. But Wireshark is a dynamic protocol analyzer observing the actual packet traffic between your computer and the network (AKA packet sniffer, formerly known as Ethereal to the Linux crowd :) ). See the first attachment for a look at a simple Wireshark case showing an application retrieving Windows time. Second attachment is the more complex case of setting up a wireless network using DHCP. I have also used Wireshark to do things like analyze potential problems in SSL/TLS handshaking for mail servers. Besides the timeline, you can select each line and get additional information on what is actually happening. And there is pretty good documentation and tutorial information on their website. CurrPorts (and TCPView) outputs are quite different in both form and purpose (see fig 3 for a CurrPorts segment).
     

    Attached Files:

    Last edited: May 11, 2011
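The distinction drawn in the post above, as an added example that is not part of the original thread: the same frame seen as a connection-table entry (roughly what TCPView or CurrPorts list) and as a dissected DNS query (what a protocol analyzer adds). The frame, addresses and hostname are constructed sample data, and the function names are hypothetical.

```python
import struct

def build_sample_frame(name=b"time.example.com"):
    """Constructed Ethernet/IPv4/UDP frame carrying one DNS A query."""
    qname = b"".join(bytes([len(p)]) + p for p in name.split(b".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 53124, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + udp

def parse_dns_question(msg):
    """Decode the DNS header and first question; reject truncated input."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", msg[:4])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated DNS name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("bad or truncated DNS label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated DNS question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return {"dns_id": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels), "qtype": qtype}

def dissect(frame):
    """Return the connection-level view plus any DNS detail in the payload."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17:
        raise ValueError("not UDP")
    l4 = 14 + ihl
    sport, dport, ulen = struct.unpack("!HHH", frame[l4:l4 + 6])
    view = {"connection": "UDP %s:%d -> %s:%d" % (
        ".".join(map(str, frame[26:30])), sport, ".".join(map(str, frame[30:34])), dport)}
    if 53 in (sport, dport):  # only here does the payload get interpreted
        view["dns"] = parse_dns_question(frame[l4 + 8:l4 + ulen])
    return view

if __name__ == "__main__":
    print(dissect(build_sample_frame()))
```

The `connection` string is all a connection lister can report; the `dns` entry exists only because the payload bytes were captured and decoded.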
  12. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    Yes, but he is not looking for a substitute for Wireshark.

     
  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Wireshark or Layerview are what I use.
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ m00nbl00d

    Hi, you & others "might" be interested in this.

    So you can try it & see for free :) Other network etc tools on there as well. Let us know what you think :thumb:

    @ DasFox et al

    Have a look here - https://www.wilderssecurity.com/showthread.php?t=270857
     
  15. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I got no concerns with my system security. I just like these types of tools, especially to monitor connections performed by malware.
     
  17. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  18. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  19. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    Have you guys used Angry IP scanner (it is an open-source and cross-platform network scanner)? How does it compare to CurrPorts and TCPView?

    http://www.angryip.org/w/About
     
  20. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ brainrb1

    RE - Angry IP scanner

    Thanks for the tip :thumb: Looked at it, but as it pings out all the time you use it :eek: it's a no no from me I'm afraid :(

    @ Nick Rhodes

    Re Fiddler

    I'd forgotten about it, so :thumb: It requires Microsoft .NET Framework though :p , so I won't be using it.

    As you use it, I wonder if you'd be kind enough to comment on my Fiddler extension thoughts etc in here https://www.wilderssecurity.com/showthread.php?p=1875837#post1875837 Re delay ?

    TIA
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've found this one, WinSniff: http://www.securityxploded.com/winsniff.php

    I still haven't tried it, though. It's 4 A.M. I'll see if I can give it a spin later on. From the screenshot, it doesn't seem as informative as Wireshark, still... it appears to have a decent functionality.

    Just wanted to let you know... in case you already didn't. :p

    -edit-

    Apparently it's a demo version?

     