I'm taking a networking class, and we're using WireShark. The problem is, WireShark kinda blows. The interface is ridiculously clunky and it glitches every time you look at it mean. And yes, I know it's free, but so's used Kleenex. Thankfully, I don't need to use it for any of the practical exams, but it'd be nice to be able to explore the packets with something reliable, just for learning purposes. And if there's something I can use now and keep using when (hopefully) I'm doing this for a living, so much the better to get practice with it now. Is there a stable alternative I can get for free? I know that's asking a lot.
WireShark alternatives?
-
Yeah, I was sorta asking the techie people who didn't need to google.
-
Download NetworkMiner packet analyzer for free. The Network Forensics Tool. NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.
Although I prefer WireShark FWIW
-
Really? Do you use the pay version or something? What we're using is infuriating; it freezes up every time you try to move or resize a window, and seems to auto-minimize whenever you click another program. For the purpose we use it for, this makes it not worth the bother, IMO. Thanks for the link!
-
I've never run into those problems. Are you running this on your personal computer, or on the school computer? If the former then shut down all unnecessary programs before running wireshark using e.g. system explorer. If the latter then wireshark may not be playing nicely with whatever stupid policies/programs the admins have in place.
-
School computer. I kept trying to get it to share the screen with the browser so I could send the damn packet and then see it on the network without fumbling back and forth. As it was, I kept starting and stopping the capture, telling it not to save the old crap every time, and sifting through miles of results to find what I sent. I'm not totally sure I successfully turned off promiscuous mode--I kept unchecking the box, but it was always checked whenever I went to Options. But that might just be its insistence on starting a new "capture session" or whatever every single time you visit Options. Promiscuous mode might just be the default option, IDK. I tried fooling around with the filters to save myself the hassle, but it kept crashing/freezing and in the end I said screw it, this lab isn't being graded and I understand the concepts fine.
It probably works a lot better for people who aren't trying to catch their own stuff.
-
Okay, I talked to my brother, who does this kind of thing for a living, and he said it sounded weird and was probably the school's computers' fault. I.e., he agreed with you. I've installed Wireshark here at home and it works fine, glitch-free. Thanks for your help!
-
Originally posted by Snotty: If you believe that techies don't use google to answer their problems, then you've still got a hell of a lot to learn
-
WireShark is best-in-class, unless you have thousands of dollars to spare.
-
On a related note: Can WireShark identify users' MAC addresses, or is it restricted to layers 3 and 4? I don't know how to secure our wireless, but I'd like to know who all is riding on it. Can't tell a thing from a bunch of DHCP addresses...except I know I'm 192.168.whatever.102, or have been the past couple of times I used ipconfig. I'm sure this will get much more intuitive once I get into the higher-level classes.
-
I don't know how to do it offhand, but you should be able to pull the source MAC addresses from the Ethernet packets you capture.
In addition to using the usual WPA password / MAC address filter to secure your wireless, you can also set up an OpenDNS account so that nobody will want to steal your wireless (since you've turned off porn/gambling sites) and/or so that nobody can do anything illegal with your wireless.
-
Originally posted by loinburger: I don't know how to do it offhand, but you should be able to pull the source MAC addresses from the ethernet packets you capture
In addition to using the usual WPA password / MAC address filter to secure your wireless, you can also set up an OpenDNS account so that nobody will want to steal your wireless (since you've turned off porn/gambling sites) and/or so that nobody can do anything illegal with your wireless
Just keep in mind that you will only see actual MAC addresses from machines in your own network subnet.
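The last two replies, pulling source MAC addresses out of captured Ethernet frames and the point that only machines on your own subnet show their real MAC, can be seen in a capture file directly. The following is an added example, not part of the original thread: it reads a classic pcap and groups IPv4 source addresses by source MAC. The function names, the 192.168.1.x addressing and every MAC and IP value are constructed sample data.

```python
import struct
from collections import defaultdict

def frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed sample frame: Ethernet II header + bare 20-byte IPv4 header."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x00"           # EtherType 0x0800 = IPv4
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ip(src_ip), ip(dst_ip))            # checksum left at 0

def pcap(frames):
    """Classic little-endian pcap: 24-byte file header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def macs_seen(data):
    """Return {source MAC: set of IPv4 source addresses carried in its frames}."""
    magic = struct.unpack_from("<I", data, 0)[0]
    linktype = struct.unpack_from("<I", data, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    seen, off = defaultdict(set), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 14:
            continue                                   # too short for an Ethernet header
        ips = seen[pkt[6:12].hex(":")]                 # bytes 6-11 = source MAC
        if pkt[12:14] == b"\x08\x00" and len(pkt) >= 34:
            ips.add(".".join(str(b) for b in pkt[26:30]))  # IPv4 source address
    return dict(seen)

# Constructed capture taken on the laptop at 192.168.1.102 (all values are made up).
ROUTER, LAPTOP, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:67"
SAMPLE = pcap([
    frame(LAPTOP, ROUTER, "192.168.1.102", "203.0.113.5"),
    frame(ROUTER, LAPTOP, "203.0.113.5", "192.168.1.102"),    # internet host, router's MAC
    frame(ROUTER, LAPTOP, "198.51.100.7", "192.168.1.102"),   # another one, same MAC
    frame(OTHER, LAPTOP, "192.168.1.103", "192.168.1.102"),   # neighbour on the same subnet
])

if __name__ == "__main__":
    for mac_addr, ips in macs_seen(SAMPLE).items():
        print(mac_addr, sorted(ips))
```

Both off-subnet addresses appear under the router's MAC, while each local device appears under its own, so the MAC list is an inventory of the local segment only.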