Thoughts On Wireshark or Alternatives?

I've been looking over wireshark, seems like a nice application, but I'm not a networking guru that needs all the ends and out of every little detail either, so it personally seems a bit overkill for the average end-user wanting to check out their LAN.

Does anyone know any nice, simpler apps? Personally I just want to see the traffic is all and to be able to distinguish it, kind of nice how you can look at the different protocols in Wireshark...


THANKS

 

I use curports and Tcpview. Microsoft Network Monitor is another alternative.

 

curports and Tcpview here too

Take a look at these as well

LayerView - http://www.layerview.net

Colasoft Network Analyzer - https://www.wilderssecurity.com/forumdisplay.php?f=92

CurrPorts - http://www.nirsoft.net

 

I've never been lucky to find a decent one to provide detailed packet info that would support USB 3G devices.

Are you familiar with any

 

Ok got more then I hoped for, LOL...

Now to weed through the confusion, which would be the simplest and best of the bunch for protocol analysis on ethernet and wifi?

Isn't wireshark more then currports and tcpview, showing what's going on with the protocols, like DNS and HTTP as an example when you are online?

By the way Capsa is just for ethernet no wifi

http://www.colasoft.com/capsa/capsa-free-edition.php

 

Well i use either or both curports and Tcpview with my USB 3G device With or without my FW, as shown in my FW thread

 

Yes, I use them both as well. I actually tend to use TCPView more often... But, in the recent events, regarding a relative's infected system, I used CurrPorts which provided a more detailed view of certain connections.

But, it would be great to have something like Wireshark... I wonder if there's a difficulty in providing such support? I guess there is, to an extent... or they just don't feel it's worth, anyway... as most networks wouldn't be behind such type of connection.

 

FW thread?

Providing what support?

So Currport and TCPView pretty much do what Wireshark does?


THANKS

 

CloneRanger is talking about the thread here at other firewalls https://www.wilderssecurity.com/showthread.php?&t=298698

CurrPorts and TCPView are not as powerfull as Wireshark/similar, hence I'd like to see those kind of tools (like Wireshark) to monitor network traffic behind a 3G USB connection.
Unfortunately, I couldn't find nothing so far.

 

Well for starters why are you bothering with using a Mobile Cellphone carrier connection? I'm assuming this is one a laptop?

I don't see what's so special about 3G that you are saying you can't use just about any program out there...

Wireshark isn't working?

Also if you are really concerned about your security and safety on a computer you shouldn't always be running wireless unless you are on the road...

 

I certainly don't see Currports and TCPView as substitutes for Wireshark-maybe for each other? They are valuable in providing a moving snapshot of your network connections as seen by your computer. But Wireshark is a dynamic protocol analyzer observing the actual packet traffic between your computer and the network (AKA packet sniffer-formerly known as ethereal to the Linux crowd ). See the first attachment for a look at a simple Wireshark case showing an application retrieving Windows time. Second attachment is the more complex case of setting up a wireless network using DHCP. I have also used Wireshark to do things like analyze potential problems in SSL/TLS handshaking for mail servers. Besides the timeline, you can select each line and get additional information on what is actually happening. And there is pretty good documentation and tutorial information on their website. Currports (and TCPView) outputs are quite different in both form and purpose (see fig 3 for a currports segment).

 

yes. but he is not looking for a substitute for Wireshark

 

Wireshark or Layerview are what I use.

 

@ m00nbl00d

Hi, you & others "might" be interested in this.

So you can try it & see for free Other network etc tools on there as well. Let us know what you think

@ DasFox et al

Have a look here - https://www.wilderssecurity.com/showthread.php?t=270857

 

NetworkMiner is another good one.

http://www.netresec.com/?page=NetworkMiner

 

I got no concerns with my system security. I just like these type of tools, specially to monitor connections performed by malware.

 

This may provide a better view than Wireshark.

https://www.wilderssecurity.com/showpost.php?p=1732012&postcount=13

Netwitness Investigator

Overview video
http://www.youtube.com/watch?v=QDxTPYn2O2g

 

On the Netwitness Blog they show how Investigator can be used in various situations to reveal without signatures malicious activity.
Part 1: Gzip Web Content Java Malware and a little Javascript

 

Have you guys used Angry IP scanner (it is an open-source and cross-platform network scanner)? how does it compare to curports and Tcpview?

http://www.angryip.org/w/About

 

For General use Wireshark is nice.
For web specific I use Fiddler - http://www.fiddler2.com/fiddler2/

Cheers, Nick

 

@ brainrb1

RE - Angry IP scanner

Thanks for the tip Looked at it, but as it pings out all the time you use it it's a no no from me i'm afraid

@ Nick Rhodes

Re Fiddler

I'd forgotten about it, so It requires Microsoft .NET Framework though , so i won't be using it.

As you use it, i wonder if you'ld be kind enough to comment on my Fiddler extension thoughts etc in here https://www.wilderssecurity.com/showthread.php?p=1875837#post1875837 Re delay ?

TIA

 

I've found this one WinSniff. -http://www.securityxploded.com/winsniff.php

I still haven't tried it, though. It's 4 A.M. I'll see if I can give it a spin later on. From the screenshot, it doesn't seem as much informative as Wireshark, still... it appears to have a decent functionality.

Just wanted to let you know... in case you already didn't.

-edit-

Apparently it's a demo version?