A summary of network analysis software
Network failures have existed for as long as networks themselves. Locating a fault quickly and accurately and keeping the network running stably has always been the goal. To analyze the causes of network failures, a class of professional network analysis software emerged. Network analysis software serves as a troubleshooting tool for network faults: developers use it to find bugs during protocol development, many administrators use it to monitor network data, and it also counts among security-class software as an inspection tool.
Network analysis software has gone through three stages from its emergence to the present:
The first stage is the capture-and-decode stage. Early networks were small and their structure relatively simple, so network analysis software mainly captured the packets on the network and then decoded them, to help protocol designers analyze software communication failures.
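To make the capture-and-decode stage concrete, here is an added example in Python; it is not code from the original article or from any of the tools it describes. It walks a classic libpcap byte stream, decodes the Ethernet, IPv4 and TCP/UDP headers of each record, and verifies the IPv4 header checksum as a first-generation analyzer would. The pcap bytes are constructed inline by build_sample_pcap() (two packets: a TCP SYN and a DNS query), so the script runs offline; the addresses and ports in it are made up.

```python
# Added example (not code from the original article or from Wireshark): the
# first-generation "capture and decode" step. It reads a classic libpcap byte
# stream, decodes Ethernet -> IPv4 -> TCP/UDP headers and verifies the IPv4
# header checksum. The pcap bytes are constructed inline, not captured.
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
DLT_EN10MB = 1  # pcap link type for Ethernet


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum (ones' complement of the ones' complement sum of 16-bit words).
    Run over a header whose checksum field is filled in, a correct header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode one Ethernet frame into a dict of header fields; 'layers' lists what was parsed."""
    rec = {"layers": ["eth"], "length": len(frame)}
    if len(frame) < 14:
        rec["error"] = "truncated Ethernet header"
        return rec
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    rec["eth_dst"], rec["eth_src"] = dst.hex(":"), src.hex(":")
    if ethertype != ETH_P_IP:
        rec["ethertype"] = ethertype  # non-IPv4 frames are left undecoded
        return rec
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if len(ip) < 20 or ihl < 20 or len(ip) < ihl:
        rec["error"] = "truncated or malformed IPv4 header"
        return rec
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    rec["layers"].append("ipv4")
    rec["ip_src"] = ".".join(str(b) for b in ip[12:16])
    rec["ip_dst"] = ".".join(str(b) for b in ip[16:20])
    rec["ip_proto"] = proto
    # A checksum mismatch is recorded as a finding; decoding continues regardless.
    rec["ip_checksum_ok"] = ipv4_checksum(ip[:ihl]) == 0
    payload = ip[ihl:total_len]
    if proto == IPPROTO_TCP and len(payload) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        rec["layers"].append("tcp")
        rec.update(sport=sport, dport=dport, seq=seq, ack=ack, tcp_flags=off_flags & 0x1FF)
    elif proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport, udp_len = struct.unpack("!HHH", payload[:6])
        rec["layers"].append("udp")
        rec.update(sport=sport, dport=dport, udp_len=udp_len)
    return rec


def read_pcap(data: bytes) -> list:
    """Walk a classic pcap (24-byte global header, 16-byte record headers) and decode each frame."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != DLT_EN10MB:
        raise ValueError("only Ethernet link type is decoded here")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # capture file cut off mid-record
        off += incl_len
        rec = decode_frame(frame)
        rec["ts"], rec["orig_len"] = ts_sec + ts_usec / 1e6, orig_len
        records.append(rec)
    return records


def build_sample_pcap() -> bytes:
    """Construct a two-packet pcap: a TCP SYN to port 80 and a DNS query over UDP (made-up hosts)."""
    def ipv4(proto, payload, src=b"\xc0\xa8\x01\x0a", dst=b"\xc0\xa8\x01\x01"):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, src, dst)
        return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

    def frame(ip_packet):  # dst MAC, src MAC, EtherType IPv4
        return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip_packet

    tcp_syn = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, 0x5002, 65535, 0, 0)  # data offset 5, SYN
    dns_query = struct.pack("!HHHH", 40001, 53, 20, 0) + b"\xab\xcd\x01\x00\x00\x01" + b"\x00" * 6
    frames = [frame(ipv4(IPPROTO_TCP, tcp_syn)), frame(ipv4(IPPROTO_UDP, dns_query))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for r in read_pcap(build_sample_pcap()):
        print(r["ts"], "/".join(r["layers"]), r.get("ip_src"), "->", r.get("ip_dst"), r.get("dport"))
```

The decoder deliberately keeps going after a bad IPv4 checksum and records the mismatch instead; a tool of this stage reports what it saw and leaves interpretation to the person reading it, which is exactly the limitation the later expert-system stage addresses.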
The second stage is the expert-system stage. By capturing packets and examining their characteristics and the relationships between their timestamps, the network analysis software determines whether the network data flow has a problem, at which layer the problem lies, and how serious it is. The expert system is not limited to decoding; it helps maintenance staff analyze the network fault and gives suggestions and solutions.
The third stage is the development of network analysis tools into network management tools. Deployed in the network center as a network management tool, network analysis software can monitor the network over the long term, manage it actively and eliminate potential problems.
II. Features of the three software packages
1. Wireshark 0.99.4
Wireshark is an efficient, free network capture and analysis tool. It captures and displays the data on the network cable as plainly as a multimeter shows a voltage. In the field of network analysis software, most products are either obscure or expensive; Wireshark changed that situation. Its biggest features are that it is free, open source and multi-platform.
Wireshark runs on almost all popular operating systems, such as Microsoft Windows, Mac OS, Linux, FreeBSD, HP-UX, NetBSD, Solaris/i386, Solaris/SPARC, and so on. Although Wireshark is available on many platforms, the transmission medium it mainly supports is Ethernet; only on Linux does Wireshark support 802.11, Token Ring, FDDI and ATM.
Wireshark can decode most LAN protocols and has the advantages of a simple interface, easy operation and real-time display of captured data. But Wireshark has no analysis function: when the network behaves abnormally, Wireshark can only record the data. It is purely a measuring tool; it does not operate on the network, send packets or take any other active action.
Wireshark also has a known serious bug: when its runtime buffer overflows, the program terminates. This bug stems from the interface and platform design chosen originally and cannot be resolved in the short term.
2. NAI Sniffer Portable 4.7.5
NAI's network analysis tool Sniffer has long been the trump card of network analysis software. Sniffer has accumulated a great deal of experience, but also long-standing problems caused by carrying the old system forward. Long-term development has given Sniffer strong professional analysis capability, but it retains elements and older technologies from the DOS and Windows 95 era, so it is available only on Windows platforms. Sniffer has a simple packet-sending function and several auxiliary test gadgets such as ping, finger, trace, DNS lookup, and so on.
Sniffer has three major functions:
1. Protocol decoding (DECODE)
2. Network activity monitoring (MONITOR)
3. Expert analysis system (EXPERT)
Both Sniffer and Wireshark can decode network protocols; the protocols Sniffer supports extend from LAN to WAN, with some support for wireless networks. Sniffer's protocol decoding is very detailed, and its description of each protocol is clearly layered. Although Sniffer has strong protocol decoding capability, it does not display captured packets in real time, which can be inconvenient when a protocol developer is looking for a problem.
Sniffer's protocol decoding can be used to learn various protocols and to find network faults. In practice, however, many problems are not as obvious as an outright fault, such as a slow network or packet loss, and protocol decoding alone has difficulty finding them. Here Sniffer's network activity monitoring function shows the network's current operating state directly, so that problems are discovered quickly as soon as they occur. Sniffer uses intuitive graphics to display network traffic, sessions, protocols, packet sizes, errors and other information in real time.
Sniffer's expert function is its most valued and most outstanding function. The Sniffer expert system works for us in the background; once a trigger condition is met it performs the corresponding action and then notifies us through audible and visual signals.
Through the expert system, Sniffer helps us evaluate network performance: network utilization, performance trends, which applications on the network consume the most bandwidth, which users consume the most bandwidth, the traffic status of different protocols, and so on.
Through the expert system, Sniffer helps us evaluate the running state of the business: the response time of each application, its operating time, its bandwidth consumption, its behavioral characteristics, its performance bottlenecks, and so on.
With the expert system, Sniffer can quickly detect abnormal traffic and network attacks, which helps us take early action. Sniffer can also do traffic trend analysis: through long-term monitoring, you can find the development trend of network traffic and obtain suggestions and a basis for deciding when to upgrade the network.
3. WildPackets OmniPeek 4.0
OmniPeek is an up-and-comer among network analysis software. Because it is designed with many Windows XP and 2000 elements and more current software design techniques, pays more attention to the requirements of network software, is internationalization-oriented and supports multiple languages, OmniPeek is more concise and user-friendly, and it supports more new technologies and applications. Because it uses new technology, OmniPeek has many plugins and can easily extend its functions. Like Sniffer, OmniPeek can send a few simple packets, and it also has three functions:
1. Protocol decoding (DECODE)
2. Network activity monitoring (MONITOR)
3. Expert analysis system (EXPERT)
OmniPeek supports wireless networks very well, providing drivers for promiscuous capture mode on a rich set of wireless cards, and is a sharp weapon for wireless protocol analysis. OmniPeek also has good support for gigabit networks, performing well in both protocol analysis and network monitoring.
Unlike Sniffer, OmniPeek attaches more importance to visualization, and many of its operations are done graphically. OmniPeek focuses on analyzing the overall picture, taking the "flow" (a TCP/UDP communication pair) as the object of study, which makes the analysis results easy to understand and greatly improves efficiency. OmniPeek's expert system is based on this flow analysis; its overall analysis of sessions is better, but it falls slightly short on specific details.
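The following added example (not code from the original article, from WildPackets or from NAI) shows what "flow as the object of study" means in practice, and at the same time illustrates the timestamp-based expert analysis described for the second stage and for Sniffer's expert system. It takes decoded packet records of the kind a capture tool produces, groups them into bidirectional flows keyed by the TCP/UDP communication pair, and evaluates a few expert-style rules over the timestamps: SYNs that never receive a SYN-ACK, slow handshakes, and DNS queries with no reply. The record format, the rule thresholds and the sample packets are all constructed for this example.

```python
# Added example (not from the original article or from any of the tools it
# describes): flow-based analysis plus a few expert-style rules. Decoded
# packet records are grouped into bidirectional TCP/UDP flows; the rules and
# thresholds are illustrative and the sample packets are constructed inline.
SYN, ACK = 0x002, 0x010          # TCP flag bits
SLOW_HANDSHAKE_SECONDS = 0.2     # illustrative threshold, not a vendor value


def flow_key(rec):
    """Canonical bidirectional key: protocol, then the lower (ip, port) endpoint first."""
    a = (rec["ip_src"], rec["sport"])
    b = (rec["ip_dst"], rec["dport"])
    return (rec["proto"],) + (a + b if a <= b else b + a)


def build_flows(records):
    """Aggregate packets into flows: counts, bytes, duration and handshake timestamps."""
    flows = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        k = flow_key(r)
        f = flows.setdefault(k, {"key": k, "packets": 0, "bytes": 0, "first": r["ts"],
                                 "last": r["ts"], "syn_ts": None, "synack_ts": None,
                                 "syn_count": 0})
        f["packets"] += 1
        f["bytes"] += r["length"]
        f["last"] = r["ts"]
        flags = r.get("tcp_flags", 0)
        if r["proto"] == "tcp" and flags & SYN:
            if not flags & ACK:                  # connection attempt (or retry)
                f["syn_count"] += 1
                if f["syn_ts"] is None:
                    f["syn_ts"] = r["ts"]
            elif f["synack_ts"] is None:         # first SYN-ACK answers the handshake
                f["synack_ts"] = r["ts"]
    return flows


def expert_findings(flows):
    """Expert-style rules; each finding is (severity, message) for one flow."""
    findings = []
    for f in flows.values():
        proto, ip_a, port_a, ip_b, port_b = f["key"]
        name = f"{proto} {ip_a}:{port_a} <-> {ip_b}:{port_b}"
        if proto == "tcp" and f["syn_count"] and f["synack_ts"] is None:
            sev = "major" if f["syn_count"] >= 3 else "minor"
            findings.append((sev, f"{name}: {f['syn_count']} SYN(s) with no SYN-ACK "
                                  "(unresponsive server or filtering)"))
        elif proto == "tcp" and f["synack_ts"] is not None:
            rtt = f["synack_ts"] - f["syn_ts"]
            if rtt > SLOW_HANDSHAKE_SECONDS:
                findings.append(("minor", f"{name}: slow handshake, SYN-ACK after {rtt * 1000:.0f} ms"))
        if proto == "udp" and 53 in (port_a, port_b) and f["packets"] == 1:
            findings.append(("minor", f"{name}: DNS query with no response"))
    return findings


def pkt(ts, src, sport, dst, dport, proto, length, flags=0):
    """Build one decoded-packet record (constructed input, not a real capture)."""
    return {"ts": ts, "ip_src": src, "sport": sport, "ip_dst": dst, "dport": dport,
            "proto": proto, "length": length, "tcp_flags": flags}


SAMPLE = [
    # healthy HTTP session: handshake completes in 5 ms, then data both ways
    pkt(0.000, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 74, SYN),
    pkt(0.005, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 74, SYN | ACK),
    pkt(0.006, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 66, ACK),
    pkt(0.010, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 300, ACK),
    pkt(0.050, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 1200, ACK),
    # three SYN retries to a host that never answers
    pkt(1.000, "10.0.0.5", 40001, "10.0.0.77", 443, "tcp", 74, SYN),
    pkt(2.000, "10.0.0.5", 40001, "10.0.0.77", 443, "tcp", 74, SYN),
    pkt(4.000, "10.0.0.5", 40001, "10.0.0.77", 443, "tcp", 74, SYN),
    # DNS query and reply
    pkt(5.000, "10.0.0.5", 50000, "10.0.0.1", 53, "udp", 70),
    pkt(5.020, "10.0.0.1", 53, "10.0.0.5", 50000, "udp", 120),
    # slow handshake: SYN-ACK arrives after 350 ms
    pkt(6.000, "10.0.0.5", 40002, "10.0.0.9", 8080, "tcp", 74, SYN),
    pkt(6.350, "10.0.0.9", 8080, "10.0.0.5", 40002, "tcp", 74, SYN | ACK),
]

if __name__ == "__main__":
    flows = build_flows(SAMPLE)
    for f in flows.values():
        print(f["key"], f["packets"], "pkts", f["bytes"], "bytes", f"{f['last'] - f['first']:.3f}s")
    for sev, msg in expert_findings(flows):
        print(sev.upper(), msg)
```

Grouping by the communication pair is what lets a finding be stated in terms a user recognizes ("this client cannot reach this server") rather than as a list of individual packets; the cost, as the text notes for OmniPeek, is that packet-level detail disappears behind the flow summary.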
OmniPeek integrates distributed expert (DNX) system functionality, which provides engines that can be deployed in various parts of the network. The distributed expert system controls multiple engines from one console to obtain a view of the whole network, and the console's operating interface is the same as the ordinary network analysis interface. Through the OmniPeek distributed expert system, we can extend monitoring to places the console cannot reach directly and so understand the operation of the network more comprehensively.
III. Comparison of the three packages
1. Function comparison
Wireshark is a typical network capture tool with the characteristics of first-generation network analysis software. As the software continues to be updated, Wireshark has also gained some simple graphical monitoring capabilities. The protocols Wireshark decodes are mainly LAN protocols and the medium it supports is mainly Ethernet; its function is relatively narrow but highly efficient. Wireshark has no network state analysis function and cannot offer reference opinions on network problems.
NAI's Sniffer covers protocol decoding, network monitoring and intelligent management. Sniffer's protocol decoding is very detailed, and its WAN protocol decoding in particular is very comprehensive, but its extensibility is not strong and support for new protocols arrives slowly. Sniffer's network state monitoring is also very powerful: it can monitor traffic, bandwidth, protocols, application response time, session hosts and other information, and display them graphically. Sniffer's expert features are very detailed, layered in strict accordance with the protocol, with every detail considered. In addition, it classifies abnormal network conditions, making it easy for us to find the corresponding problem.
OmniPeek's features are roughly the same as Sniffer's, covering protocol decoding, network monitoring and intelligent management. OmniPeek's protocol decoding does not cover as much as Sniffer's, but it is more powerful than Sniffer for wireless and voice decoding. OmniPeek's expert function is not as meticulous as Sniffer's, nor as strong.
IV. Summary
Wireshark is a small, open source capture tool that can be used on almost all popular operating systems. It is very suitable for ordinary staff learning network protocols and is also a good tool for protocol developers to verify a protocol. Since Wireshark has a buffer overflow bug, it is not recommended for analyzing high-traffic networks or for gigabit network analysis.
Sniffer Portable has very strong expert analysis capability but is expensive; using it merely to capture packets and decode protocols is a waste. For large networks with high security demands, using Sniffer's expert analysis and early-warning capabilities is a good choice. In addition, Sniffer options and distributed hardware are available; used together they form a complete security monitoring system, and at that point the cost is still worthwhile.
OmniPeek represents a rising force, with good support for wireless networks, voice and other technologies. OmniPeek can use many plugins, so it can quickly adapt to emerging businesses and applications. OmniPeek is therefore very suitable for environments where the network is not very large and applications are updated frequently. Wireless and gigabit environments can also choose OmniPeek.