Network Analyzers [7:72346]

2003-07-15 Thread Dave C.
I work for a small growing business and am currently evaluating two types of
network analyzer software.  EtherPeek NX and Sniffer Portable (Sniffer Pro).

Since the versions that I have are not the full production versions (only
for evaluation purposes), I am limited to the functionality I can do with
each.

I know there is an extensive difference in price (Etherpeek NX is somewhere
around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater
than $10,000).  For a small growing company, it is hard to justify over
$10,000 for a piece of software, when I can get something comparable for
much less, especially when we are in a time where we have to justify our jobs.

What I would like to know, if anyone has experience with both of these
applications, and what capabilities that Sniffer Pro offers, that Etherpeek
NX does not.

I would also like to know if anyone has experience with Ethereal (for
Linux).  I know it is free and it has much less functionality than Etherpeek
NX or Sniffer, but I would like an opinion on that too.

Thanks.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72346&t=72346
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Network Analyzers [7:72346]

2003-07-15 Thread John Neiberger
 Dave C. 7/15/03 2:12:09 PM >>>
>I work for a small growing business and am currently evaluating two types of
>network analyzer software.  EtherPeek NX and Sniffer Portable (Sniffer Pro).
>
>Since the versions that I have are not the full production versions (only
>for evaluation purposes), I am limited to the functionality I can do with
>each.
>
>I know there is an extensive difference in price (Etherpeek NX is somewhere
>around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater
>than $10,000).  For a small growing company, it is hard to justify over
>$10,000 for a piece of software, when I can get something comparable for
>much less, especially when we are in a time where we have to justify our jobs.
>
>What I would like to know, if anyone has experience with both of these
>applications, and what capabilities that Sniffer Pro offers, that Etherpeek
>NX does not.
>
>I would also like to know if anyone has experience with Ethereal (for
>Linux).  I know it is free and it has much less functionality than Etherpeek
>NX or Sniffer, but I would like an opinion on that too.
>
>Thanks.

There are still questions to be answered. For example, who is going to be
the end-user of this software? How familiar is this person with the details
of the protocols running on your network? Do you need the additional tools
that come with Etherpeek NX, for instance, or could you get by with simply
Etherpeek and perhaps PacketGrabber?

Do you need packet capture primarily or do you absolutely require the
analysis tools? If you just need packet capture you're probably better off
with Ethereal or something along those lines. We use Etherpeek (not the NX
version) here and I'm quite happy with it. We also got Packetgrabber,
iNetTools, and Netsense because we thought they'd be useful but I've never
had a reason to use them. I'm particularly disappointed in Netsense, but
perhaps that's because I've never bothered to dig into it a little deeper.
On the surface I always felt that it took quite a bit of effort to get
something useful out of it. I do love Etherpeek, though. It's a good
program.

Regards,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72348&t=72346


Re: Network Analyzers [7:72346]

2003-07-15 Thread Paul McLaren
Dave,

Ethereal also comes in a Windows flavour as well which is a little more
versatile for installation options.  I have used it quite a lot and it's
always done the job for me (and that has been some pretty obscure problems
solved).  I generally work on the basis of a potential theory to where the
problem is and prove it, in the required scenarios a combination of Ethereal
and Languard (from gfi.com - also free) do the trick 99% of the time.

Justify it against potential revenue saved.  How much are you losing through
suspected network problems?

Alternatively to get a feel of what you will be seeing Ethereal is good for
a start.

Also bear in mind the amount of time needed to learn how to properly use a
network analyser, so the real cost is actually a lot more than $2500 or
$1.

If it's your LAN or WAN then get someone else to do it, it will work out
cheaper than $10k (I hope!)

Regards

Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72351&t=72346


RE: Network Analyzers [7:72346]

2003-07-15 Thread Priscilla Oppenheimer
I used to use Sniffer and switched to EtherPeek a couple years ago and never
regretted it. A couple times I found that EtherPeek didn't decode a protocol
as well as Sniffer, but I reported it, and the next release had a better
decode.

The best thing about EtherPeek is that the user interface is so intuitive.
Everything works the way you expect it to. Sniffer is a bit more clumsy and
Ethereal is definitely more clumsy. It took me hours to figure out filters
on Ethereal! Filters on Sniffer took quite a while too, come to think of it.
They are obvious with EtherPeek.

Ethereal does do a great job considering it's free, though. It decodes
almost as many protocols as the others and just as competently.

Mainly I use an analyzer for protocol analysis. I don't use the expert
system on either Sniffer or EtherPeek NX. I find that both of them alert you
to problems that aren't really problems.

Anyway, I do highly recommend EtherPeek. Sorry I don't have any more details
on features in one or the other though.

Priscilla





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72349&t=72346


Re: Network Analyzers [7:72346]

2003-07-15 Thread dre
"Dave C." wrote in message ...
> I know there is an extensive difference in price (Etherpeek NX is somewhere
> around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater
> than $10,000).  For a small growing company, it is hard to justify over
> $10,000 for a piece of software, when I can get something comparable for
> much less, especially when we are in a time where we have to justify our jobs.

I think I've posted this before.(*sigh*)

There are two types of worthwhile packet capture software:
1) free Unix-based
2) commercial Unix-based

For option 1, you have tcpdump, Ethereal, snort, and NTOP.  Download
them.  Run them on something cheap like a 1U rackmount server (~$500).
Make sure you have at least two NIC ports (#1 for SSH, #2 for capture).

For option 2, you have Niksun's NetVCR product for Layers 2-4
and Unispeed's Netlogger product for Layers 5-7.

There are two types of packet capture infrastructure:
1) Taps
2) SPAN's, mirror-ports, etc

For taps, I recommend Finisar (good equipment for SAN stuff, too),
or Netoptics.  For SPAN ports, I highly recommend putting a
Cisco Cat6k with a PFC card in every switch closet, data center,
and anywhere an Ethernet cable plugs into that way you can take
advantage of RSPAN (and soon to be released ERSPAN on the
Sup720 modules)...

This document explains how to do anything you want with RSPAN:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a008017b753.html

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72353&t=72346


RE: Network Analyzers [7:72346]

2003-07-15 Thread Ken Chipps
Interesting. I have used both products as well and I found the
interface, filter, and capture functions to be just the opposite. In
that the EtherPeek filters and capture seemed counterintuitive, whereas
Sniffer was obvious. The Sniffer interface seems to have things exactly
where I expect them to be :)

That is one of the reasons I stopped using EtherPeek in our labs and
switched to Sniffer.

Must be why they are both on the market. Both are excellent products.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 3:52 PM
To: [EMAIL PROTECTED]
Subject: RE: Network Analyzers [7:72346]

I used to use Sniffer and switched to EtherPeek a couple years ago and never
regretted it. A couple times I found that EtherPeek didn't decode a protocol
as well as Sniffer, but I reported it, and the next release had a better
decode.

The best thing about EtherPeek is that the user interface is so intuitive.
Everything works the way you expect it to. Sniffer is a bit more clumsy and
Ethereal is definitely more clumsy. It took me hours to figure out filters
on Ethereal! Filters on Sniffer took quite a while too, come to think of it.
They are obvious with EtherPeek.

Ethereal does do a great job considering it's free, though. It decodes
almost as many protocols as the others and just as competently.

Mainly I use an analyzer for protocol analysis. I don't use the expert
system on either Sniffer or EtherPeek NX. I find that both of them alert you
to problems that aren't really problems.

Anyway, I do highly recommend EtherPeek. Sorry I don't have any more details
on features in one or the other though.

Priscilla





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72361&t=72346


Re: Network Analyzers [7:72346]

2003-07-15 Thread John Neiberger
 Original Message - 
From: "dre" 
To: 
Sent: Tuesday, July 15, 2003 4:24 PM
Subject: Re: Network Analyzers [7:72346]


> "Dave C." wrote in message ...
> > I know there is an extensive difference in price (Etherpeek NX is somewhere
> > around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater
> > than $10,000).  For a small growing company, it is hard to justify over
> > $10,000 for a piece of software, when I can get something comparable for
> > much less, especially when we are in a time where we have to justify our jobs.
>
> I think I've posted this before.(*sigh*)
>
> There are two types of worthwhile packet capture software:
> 1) free Unix-based
> 2) commercial Unix-based
>

You have mentioned this before but I'm wondering why you discount the use of
Windows-based software like Etherpeek? I've been using it for a couple of
years and I'm quite happy with it. Other than the fact that it's on a
Winblows platform, what don't you like about them?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72363&t=72346


Re: Network Analyzers [7:72346]

2003-07-15 Thread jeff sicuranza
try packetyzer free www.packetyzer.com or www.networkchemistry.com
realtime packet display

try link ferret http://www.linkferret.ws
realtime packet display

also try analyzer a public domain protocol analyzer at

http://analyzer.polito.it/

post capture session to view packets

have fun...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72367&t=72346


Re: Network Analyzers [7:72346]

2003-07-16 Thread alaerte Vidali
I really like Sniffer.  But I have not tried EtherPeek.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72385&t=72346


RE: Network Analyzers [7:72346]

2003-07-16 Thread Jim Newton
Packetyzer is a Windows based front end for Ethereal. It makes using
Ethereal much more user friendly.

For freeware it is really good.

www.packetyzer.com



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 7:13 AM
To: [EMAIL PROTECTED]
Subject: Re: Network Analyzers [7:72346]

I really like Sniffer.  But I have not tried EtherPeek.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72387&t=72346


RE: Network Analyzers [7:72346]

2003-07-16 Thread Reimer, Fred
Ethereal has real-time packet display also.  Plus, you can customize it and
recompile as needed.  I first added the Len= in the summary display, for
instance...

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: jeff sicuranza [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 11:34 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Analyzers [7:72346]

try packetyzer free www.packetyzer.com or www.networkchemistry.com
realtime packet display

try link ferret http://www.linkferret.ws
realtime packet display

also try analyzer a public domain protocol analyzer at

http://analyzer.polito.it/

post capture session to view packets

have fun...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72390&t=72346


Re: Network Analyzers [7:72346]

2003-07-16 Thread dre
"John Neiberger" wrote in message ...
> > There are two types of worthwhile packet capture software:
> > 1) free Unix-based
> > 2) commercial Unix-based
>
> You have mentioned this before but I'm wondering why you discount the use of
> Windows-based software like Etherpeek? I've been using it for a couple of
> years and I'm quite happy with it. Other than the fact that it's on a
> Winblows platform, what don't you like about them?

Ability for more than one person to access packet capture capabilities
remotely, while being able to adjust different capture and display filters
simultaneously, or for two or more people to work together on a problem
and see the same results on the screen.  And to do so securely, in a
consistent manner, and with standardized software that always works.  Also -
timing and NIC drivers are extremely important issues for packet capture
devices... if one were to compare, say, Unix NTP (and underlying kernel
timing) to Windows2k/XP NTP (and lack of kernel/userland timing)...or even
ability to accurately capture the data without losing any...which Windows
fails on...

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72408&t=72346


RE: Network Analyzers [7:72346]

2003-07-16 Thread Reimer, Fred
I prefer Ethereal over Sniffer.  In my experience, the Sniffer "expert"
tools can mislead an inexperienced user to jump to conclusions and not do
real analysis of a capture.  If you are even going to think about analyzing
a packet capture it is essential, IMHO, that you know the protocols that you
are supposed to be analyzing in great detail.  You need to know how each end
of a conversation SHOULD act.

I'd suggest that you spend that $2.5K in either books or classes to teach
you about the various different protocols in your network and what is normal
behavior.  You'd be amazed at what an experienced person can do with
Ethereal and a little bit of knowledge of Perl scripting.

I don't understand the complaints about the filters.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72423&t=72346
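
Fred Reimer's point about knowing how each end of a conversation should act, shown as an added example that is not part of the original thread: a short script reads a classic libpcap capture and judges every TCP open against the SYN, SYN-ACK, ACK sequence instead of relying on an "expert" alert. The post mentions Perl; Python is used here, and the addresses, ports and capture bytes are constructed for the illustration.

```python
import socket
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def read_pcap(data):
    """Yield raw Ethernet frames from the bytes of a classic libpcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic libpcap file of Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def parse_tcp(frame):
    """Return (src, dst, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4    # IP header length varies with options
    if len(frame) < t + 14:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", frame[t:t + 14])
    src = "%s:%d" % (socket.inet_ntoa(frame[26:30]), sport)
    dst = "%s:%d" % (socket.inet_ntoa(frame[30:34]), dport)
    return src, dst, off_flags & 0x3F

def handshake_report(pcap_bytes):
    """Judge each TCP open by what both ends should do: SYN, SYN-ACK, ACK."""
    convs = {}                         # (client, server) -> steps seen so far
    for src, dst, flags in filter(None, map(parse_tcp, read_pcap(pcap_bytes))):
        if flags & SYN and not flags & ACK:          # client SYN, or a retry
            c = convs.setdefault((src, dst), dict(syn=0, synack=False, ack=False, rst=False))
            c["syn"] += 1
        elif (dst, src) in convs:                    # server answering client
            c = convs[(dst, src)]
            c["synack"] |= bool(flags & SYN and flags & ACK)
            c["rst"] |= bool(flags & RST)
        elif (src, dst) in convs and flags & ACK:    # client completing the open
            convs[(src, dst)]["ack"] |= convs[(src, dst)]["synack"]
    report = {}
    for (client, server), c in convs.items():
        if c["synack"] and c["ack"]:
            verdict = "established"
        elif c["rst"]:
            verdict = "refused (RST from server)"
        elif c["synack"]:
            verdict = "half-open (no final ACK from client)"
        else:
            verdict = "no answer to %d SYN(s)" % c["syn"]
        report["%s -> %s" % (client, server)] = verdict
    return report

def _frame(src, sport, dst, dport, flags):
    """Constructed 54-byte Ethernet/IPv4/TCP frame; checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample():
    """Constructed capture: a good open, a silent server, and a refused port."""
    c, s = "192.0.2.10", "198.51.100.5"
    frames = [_frame(c, 40001, s, 80, SYN), _frame(s, 80, c, 40001, SYN | ACK),
              _frame(c, 40001, s, 80, ACK)]
    frames += [_frame(c, 40002, s, 8080, SYN)] * 3   # retried, never answered
    frames += [_frame(c, 40003, s, 23, SYN), _frame(s, 23, c, 40003, RST | ACK)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(handshake_report(build_sample()))
```

To run it on a real capture saved in classic libpcap format, pass the file's bytes to `handshake_report` in place of `build_sample()`.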


RE: Network Analyzers [7:72346]

2003-07-17 Thread gab S.E jones
Hi,

I prefer Ethereal. I have used the sniffers as well but personally I
prefer the Unix versions (maybe because I'm more comfortable with Unix as you
can have full control), e.g. even tcpdump I find very good because you can use
this with the ngrep utility to filter stuff.

As suggested it's quite important to know how protocols work and conversate.

regards,
seun


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72466&t=72346


RE: Network Analyzers [7:72346]

2003-07-17 Thread Dom
I agree! I have used most of the commercially available packages such as
Sniffer, and for most things I prefer Ethereal. I do not always carry an
analyser with me and being able to download Ethereal to a client's
workstation has helped me many times. I also like Ethereal's ability to
read most capture formats so a client can mail me captures for analysis.

Just my 0.02 (GBP).

Best regards,

Dom Stocqueler
SysDom Technologies
Visit our website - www.sysdom.org
 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 17 July 2003 13:19
To: [EMAIL PROTECTED]
Subject: RE: Network Analyzers [7:72346]


Hi,

I prefer Ethereal. I have used the sniffers as well but personally I
prefer the Unix versions (maybe because I'm more comfortable with Unix as
you can have full control), e.g. even tcpdump I find very good because you
can use this with the ngrep utility to filter stuff.

As suggested it's quite important to know how protocols work and
conversate.

regards,
seun




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72471&t=72346