![[CAIDA - Center for Applied Internet Data Analysis logo]](/images/caida_globe_faded.png "Go to CAIDA home page")
co-sponsored by:
This section gives more detailed information for specific workload tools.
This listing has not been actively maintained since 2004. These pages are made available for historical purposes.
Subcategory: Packet Analyzers (Hardware)
HP/Agilent Advisor
| URL: | Agilent Advisor Homepage |
| Contact: | |
| Overview: | Advisor class hardware are hardware protocol analyzers that capture and filter packets and output data suitable for HP/Agilent software (e.g., HP/Agilent Internet Advisor) |
| Access: | $$$ |
InMon sFlow Probe
| URL: | http://www.inmon.com/probes.htm |
| Contact: | info @ inmon.com |
| Overview: | InMon sFlow Probe is a Gigabit mirror/SPAN port probe that generates NetFlow v5 and/or sFlow records. The probe uses SNMP to dynamically query the switch, obtaining the port, subnet, nexthop and BGP information associated with each flow. |
| Access: | 1 Gbit hardware probe - $12,000, Software probe - $8,000 |
LinkView
| URL: | http://www.tinwald.com/advanced_ethernet/ |
| Contact: | linkview.info @ wwgsolutions.com For a list of Wavetek, Wandel, Goltermann resellers. |
| Overview: | Real-time hw/sw packet analyzer. Packet decoding for over 350 protocols, plus line-speed traffic generation. Windows 95/98; requires PCI or CardBus slot. |
| Access: | $2700 |
Shomiti Explorer
| URL: | http://www.shomiti/products/explorer.html (No longer available) |
| Contact: | http://www.shomiti.com/contact/ |
| Overview: | Portable, or rack mount full-featured analysis and monitoring system. Capture packets can be accessed locally or remotely via Shomiti Surveyor software. |
| Access: | $$$ |
SnifferPro by Network Associates
| URL: | http://www.networkgeneral.com/products/sniffer_analysis.asp |
| Contact: | http://www.networkgeneral.com/company/contactus.asp |
| Overview: | Tools providing seven layer multi-topology, multi-protocol analysis. Sniffer Pro LAN offers a hardware option for full line rate full duplex packet capture for 100Mbps Ethernet. Additional expert analysis capabilities and advanced protocol decodes are also included in the software. Anomalies are categorized as non-critical 'symptoms' or 'diagnosis' faults requiring prompt attention. Sniffer Pro WAN offers WANbook or High Speed Serial Interface hardware options. It also includes software for WAN analysis and WAN transport troubleshooting. Sniffer Pro High-Speed offers ATMBook or Gigabit hardware options, as well as Discover Mode for detecting VPI/VCI pairs and ATM addresses generated by Permanent Virtual Circuits (PVCs) or SVCs. Sniffer Pro Packet over SONET targets high-speed SONET backbones. Sniffer Reporter generates graphical reports of RMON and RMON2 data over a long period of time. |
| Access: | $$$ |
Subcategory: Packet Analyzers (Software)
AppTransaction Xpert
| URL: | http://www.opnet.com/solutions/application_performance/apptransaction-xpert.html |
| Contact: | OPNET (info@opnet.com) |
| Overview: | AppTransaction Xpert makes extensive use of patented visualization and analytics to dramatically improve pre-deployment testing and prediction, and accelerate troubleshooting in production. |
| Access: | $$$ Contact OPNET at http://www.opnet.com/corporate/contact.html |
EtherPeek
| URL: | http://www.aggroup.com/products/etherpeek |
| Contact: | sales @ 4comm.com |
| Overview: | Real-time and post-capture packet filtering. Packet decoding for IP, IPv6, Apple, Netware, NetBEUI, NetBIOS, DECnet, SMB, OSI/TARP, others. Multiple traffic generation options. Can be used to monitor a switched network environment. |
| Access: | $995 |
ettercap
| URL: | http://ettercap.github.io/ettercap/ |
| Contact: | Alberto Ornaghi (alor@users.sourceforge.net) Marco Valleri (crwm@freemail.it) |
| Overview: |
ettercap is a multipurpose sniffer/interceptor/logger for LAN only.
It supports active and passive dissection of many protocols (even ciphered ones) and
includes many feature for network and host analysis. It does not do cryptanalysis on the ciphers.
The sniffer has four modes of operation:
|
| Access: | download (version 0.8.0) |
hping
| URL: | http://www.hping.org |
| Contact: | Salvatore Sanfilippo(antirez@invece.org) |
| Overview: | hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. While hping was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts. |
| Access: | download (version 2.0.0-rc1)
documentation papers |
LanExplorer
| URL: | http://www.intellimax.com/lanexplorer.htm |
| Contact: | http://www.intellimax.com/purchase.htm |
| Overview: | Windows-only packet analyzer providing GUI interface for network monitoring and protocol analysis. Captures all packets from the network segment (promiscuous mode). decodes 802.3, VLAN, Apple, Novell, Microsoft, and TCP/IP protocols. Graphical displays of accumulated and historical network statistics. Historical statistics with thresholds and alarms. Discovers all local PC hosts in different network segments. Shows host name instead of MAC/IP address in all application windows (from DNS query). (Formerly known as LanTrace.) |
| Access: | $$$ |
LANQuest Net/WRx
| URL: | http://www.lanquest.com/ |
| Contact: | info @ lanquest.com |
| Overview: | Powerful integrated analyzer/monitor application offering real-time network data, 7-layer packet decode and analysis, multi-layer capture and display filters, and packet slicing. |
| Access: | $2495 |
Shomiti Surveyor
| URL: | http://www.shomiti.com/products/surveyor.html |
| Contact: | http://www.shomiti.com/contact/ |
| Overview: | Powerful integrated analyzer/monitor application offering real-time network data, 7-layer packet decode and analysis, multi-layer capture and display filters, and packet slicing. |
| Access: | ~$19,000 |
LAN traffic monitor - RT
| URL: | http://www.statscout.com/ (No longer available) |
| Contact: | http://www.statscout.com/contactus.shtml |
| Overview: | LAN traffic monitor - RT (LTM-RT) is a real-time remote statistical LAN analyzer. It runs
entirely from a bootable FreeBSD floppy disk and can be accessed remotely.
LAN-RT reports on MAC/IP/Protocol types and node/conversation matrix.
It turns any network connected PC into a remote probe within 60 seconds.
LTM-RT monitors 10/100/1G ethernet and displays the following network segment data:
Other features of LTM-RT include web-based interface, running entirely in RAM from a single boot floppy, monitorring multiple networks simultaneously, enabling multiple user access and booting in approximately one minute. |
| Access: | Free |
Sniffer Basic - Network Associates Sniffer
| URL: | http://www.networkgeneral.com/Product_Home.aspx |
| Contact: | http://www.netscout.com/company/contact_us/Pages/default.aspx |
| Overview: | Tools providing seven layer multi-topology, multi-protocol analysis. Sniffer Basic is a software-only fault and performance management tool for LAN topologies using 10/100 Ethernet and 4/16 token ring. It captures data, monitors network traffic, and collects key network statistics. Sniffer Reporter generates graphical reports of RMON and RMON2 data over a long period of time. |
| Access: | $$$ |
Wireshark
| URL: | http://wireshark.org |
| Contact: | Wireshark Mailing Lists |
| Overview: | Data can be captured "off the wire" from a live network connection, or read from a capture file. Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (uncompressed), Sniffer Pro, NetXray, snoop, Shomiti, AIX's iptrace, MS Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, and ISDN4BSD. It can also read traces made fromLucent/Ascend WAN routers and Toshiba ISDN routers. Any of these files can be compressed with gzip and Wireshark can decompress them on the fly. Many interfaces and packet types are supported. Output can be saved or printed as plain tex or PostScript. Output can be refined using display filters. |
| Access: | Freely downloadable (GNU) |
Traffic Monitors/Analyzers
AppResponse Xpert
| URL: | http://www.opnet.com/solutions/application_performance/appresponse-xpert.html |
| Contact: | OPNET (info@opnet.com) |
| Overview: | AppResponse Xpert uniquely combines end-user experience monitoring and in-depth analysis of the behavior and performance of the underlying network. It leverages the network's central role as a conduit for data and transactions to obtain complete visibility of IT services across the enterprise. |
| Access: | $$$ Contact OPNET at http://www.opnet.com/corporate/contact.html |
argus
| URL: | http://www.qosient.com/argus |
| Contact: | Carter Bullard (carter@qosient.com) |
| Overview: | Argus stands for the network Audit Record Generation and Utilization System. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. Argus can be used to analyze and report on the contents of packet capture files or it can run as a continuous monitor, examining data from a live interface; generating an audit log of all the network activity seen in the packet stream. Argus can be deployed to monitor individual end- systems, or an entire enterprises network activity. As a continuous monitor, Argus allows flexible strategies for collecting network audit data. Argus data clients support a range of operations, such as sorting, aggregation, archival and reporting. The network transaction audit data that Argus generates has been used for a wide range of tasks including Security Management, Network Billing and Accounting, Network Operations Management and Performance Analysis. |
| Access: | downloadable |
cflowd
| URL: | https://www.caida.org/tools/measurement/cflowd/ |
| Contact: | cflowd @ caida.org |
| Overview: |
Flow analysis tool for analyzing Cisco's NetFlow enabled switching method. Permits data collection and analysis
by ISPs and network engineers in support of capacity planning, trends analysis, and workload characterization in a
network service provider environment. Also useful for tracking Web hosting, accounting and billing,
network planning and anlalysis, network monitoring, developing user profiles, data warehousing and mining, as well as
security-related investigations.
Suggestions for setting up near-realtime visualization/reporting of traffic:
|
| Access: | Freely downloadable. Requires arts++ |
CoralReef
| URL: | https://www.caida.org/tools/measurement/coralreef/ |
| Contact: | coral-info @ caida.org |
| Overview: | CoralReef is a comprehensive software suite developed by CAIDA to collect and analyze data from passive Internet traffic monitors, in real time or from trace files. Realtime monitoring support includes system network interfaces (via libpcap), FreeBSD drivers for Apptel POINT (OC12 and OC3 ATM) and FORE ATM (OC3 ATM) cards, and support for Linux and FreeBSD drivers for Endace DAG (POS and ATM) cards. The package also includes programming APIs for C and perl, and applications for capture, analysis, and web report generation. |
| Access: | Freely downloadable
Demo |
Cricket
| URL: | http://cricket.sourceforge.net/ |
| Contact: |
cricket-users @ lists.sourceforge.net cricket-announce @ lists.sourceforge.net cricket-developers @ lists.sourceforge.net cricket-commits @ lists.sourceforge.net |
| Overview: | Traffic analysis tool for monitoring trends in time-series data. Cricket was expressly developed to help network managers visualize and understand the traffic on their networks. Cricket has two components: a collector and a grapher. The collector runs from cron every 5 minutes (or another specified time interval), and stores data into a data structure managed by RRDTool. Collected data can be graphed using a web-based interface. |
| Access: | Freely downloadable from here. |
InMon Traffic Server
| URL: | http://www.inmon.com/trafficserver.htm |
| Contact: | info @ inmon.com |
| Overview: | InMon Traffic Server is a web-based sFlow and NetFlow analyzer that provides access to real-time and historical traffic information. Traffic data is used to identify sources of congestion, detect and control DoS attacks, set effective QoS policies to meet SLAs, manage the deployment of new services, optimize peering relationships using BGP AS path data, and support usage-based accounting and billing. |
| Access: | $$$ |
flow-tools
| URL: | http://www.splintered.net/sw/flow-tools (original development)
http://code.google.com/p/flow-tools (active fork) http://ensight.eos.nasa.gov/FlowViewer/ |
| Contact: | flow-tools discussion group |
| Overview: |
flow-tools is library and a collection of programs used to collect, send, process, and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for large deployments. The flow-tools library provides an API for development of custom applications for NetFlow export versions 1,5,6 and the 14 currently defined version 8 subversions. FlowViewer provides a graphical user interface to the flow-tools software. |
| Access: | You can download flow-tools for free. |
ntop - network top
| URL: | http://www.ntop.org/ |
| Contact: | ntop @ listgateway.unipi.it |
| Overview: | ntop acts as a network traffic monitor and displays statistics and reports about network and subnetwork usage. ntop is based on the libpcap library and runs on most every Unix platform as well as Microsoft Windows. Reporting displays in the user's web browser. |
| Access: | Instructions on how to download ntop at http://www.ntop.org/download.html |
NetFlow
| URL: | http://www.cisco.com/en/US/tech/tk812/tsd_technology_support_protocol_home.html |
| Contact: | cs-netflow @ cisco.com |
| Overview: | Analyzes NetFlow statistics from Cisco routers and switches. Statistics can also be exported to Cisco SwitchProbe devices. NetFlow technology efficiently provides the metering base for applications such as accounting/billing, network planning, network monitoring, and outbound marketing for both service provider and enterprise customers. NetFlow may be deployed incrementally, on an interface-by-interface basis on strategically located edge, aggregation or WAN access routers, enabling flexible, differentiated IP services based on Cisco IOS QoS capabilities. |
| Access: | Built-in to Cisco IOS; Cisco analysis apps = $$$ |
Pipechar
| URL: | http://dsd.lbl.gov/DIDC/NCS/ |
| Contact: | author: Jin Guojun (jguojun@lbl.gov) |
| Overview: | Pipechar is a desktop version of NCS (the network characterization service). It uses some of the NCS functions to find the location of network bottleneck in a timely manner. It is advisable not to execute multiple pipechar runs to or from the same a host. |
| Access: | freely distributed |
Orca
| URL: | http://www.gps.caltech.edu/~blair/orca/ | ||||||||||||||||
| Contact: |
|
||||||||||||||||
| Overview: | Configuration file-based tool used for plotting time series data. Data is collected either under cron or when specified file(s) are modified. Orca is a Perl script that reads time-series text data and outputs HTML and PNG files. Additionally, Orcallator.se is a tool written for Sun machines that specifically collects system and web server statistics and runs on SPARC and x86 Solaris OS. | ||||||||||||||||
| Access: | Freely downloadable from here. |
SNMP Network Management Systems
Compaq TeMIP
| URL: | http://www.compaq.com/temip/ (No longer available) |
| Contact: | temipsales @ compaq.com |
| Overview: | Network service assurance solution. Unifies and integrates traffic monitoring, performance management, fault management, workflow and trouble-ticketing for a scalable, expandable range of infrastructures (leased lines, switching, ATM , Sonet/SDH, etc.) True end-to-end multi-vendor, multi-domain network and service management for voice and data services. Real-time control enables immediate action to maintain optimal operating conditions. Compaq Tru64 UNIX and Windows NT graphical user interface as well as web browser access enables monitoring and management access from anywhere. Supports access to standard SQL databases. Enables topology mapping as well as exchange of network topology details between dedicated applications. |
| Access: | $$$ |
NeTraMet
| URL: | https://www.caida.org/tools/measurement/netramet/ |
| Contact: | Nevil Brownlee (n.brownlee @ auckland.ac.nz) |
| Overview: | NeTraMet is an accounting meter which runs on a PC under DOS or a Unix system. It builds up packet and byte counts for traffic flows, which are defined by their end-point addresses. Addresses can be ethernet addresses, protocol addresses (IP, DECnet, EtherTalk, IPX or CLNS) or 'transport' addresses (IP port numbers, etc), or any combination of these. The traffic flows to be observed are specified by a set of rules, which are downloaded to NeTraMet by a 'manager' program. Traffic flow data is collected viaSNMP from NeTraMet by a 'collector' program. NeMaC, a combined manager and collector program, is supplied with NeTraMet. It downloads rules to meters, and collects data from them. Although a meter may only have one manager, its data can be collected by several collectors, which do not have to be synchronised. NeMaC can manage and collect data from an arbitrary number of meters. |
| Access: |
https://www.caida.org/tools/measurement/netramet/dist.xml
|
RTG
| URL: | http://rtg.sourceforge.net/ |
| Contact: | rtg@fireflynetworks.net |
| Overview: |
RTG is a flexible, scalable and high-performance SNMP statistics monitoring
system. It is designed for enterprises and service providers who need to
collect time-series SNMP data from a large number of targets quickly. All
collected data is inserted into a relational database that provides a common
interface for applications to generate complex queries and reports. RTG
includes utilities that generate configuration and target files, traffic
reports, 95th percentile reports and graphical data plots. These utilities
may be used to produce a web-based interface to the data.
Unique features of RTG include:
|
| Access: | Freely downloadable
sample output documentation |