Network traffic analysis for IR: Alternatives to Wireshark

Introduction

It is almost impossible to leave a conversation with a cybersecurity professional, take an introductory networking class, or break into ethical hacking without hearing about Wireshark. Wireshark is arguably the most popular tool and likely the gold standard when it comes to network protocol capture and analysis. 

From the moment it starts capturing, Wireshark gives users a very detailed view of the activity on a network, with packets decoded and ready for analysis across hundreds of protocols.

However, without a proper introduction and training with the tool, Wireshark can be daunting to decipher and understand. Similarly, it may deliver more data than you need, in an interface that does not always fit your particular workflow. That is why this article lays out some common alternatives to Wireshark that you can easily add to your information security toolbox.

Wireshark overview

While this article serves as an introduction to several other powerful alternatives to Wireshark, there are arguably no other tools on the market — open-source or commercial — that will tell you as much about a packet crossing your network as Wireshark does. Originally named Ethereal when it was released back in 1998, the open-source packet analyzer was renamed Wireshark in 2006 and has since taken the computer science world by storm.

At its core, Wireshark puts its host's network interface controllers into promiscuous mode, so that all traffic passing the interface (not only frames addressed to the host) is made visible in its user interface. As it captures, Wireshark's dissectors break down what each packet is and the information it carries (to the extent the traffic's security protocols leave it readable), whether it was captured over the air or off the wire. In other words, Wireshark works just like the native tcpdump command (Read more...)
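To make the "dissector" idea concrete, here is a small Ethernet/IPv4/TCP dissector written for this article as an added example; it is not Wireshark's code or any code from the original post. Each function decodes one layer's header, validates what it can (lengths, the IPv4 header checksum) and hands the remaining bytes to the next layer, which is exactly the chain Wireshark runs for every captured packet. The sample frame is constructed by hand (a TCP SYN from 192.168.1.10 to 10.0.0.5, with the IPv4 checksum precomputed), not captured from any network.

```python
"""Minimal Ethernet/IPv4/TCP dissector, in the spirit of Wireshark's dissectors.

Each function decodes one layer's header and hands the remaining bytes to the
next layer, which is how Wireshark's dissector chain turns raw captured bytes
into the fields shown in its packet details pane.  Example code added to this
article; the sample frame below is constructed by hand, not captured anywhere.
"""
import struct
from typing import Any, Dict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
# TCP flag bit names, lowest bit first (FIN is bit 0, SYN is bit 1, ...).
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the bytes given.

    Run over a received header with its checksum field still in place, the
    result is 0 when the header is intact and non-zero when it was damaged.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dissect_ethernet(frame: bytes) -> Dict[str, Any]:
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": mac_str(dst), "src_mac": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def dissect_ipv4(data: bytes) -> Dict[str, Any]:
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("malformed IPv4 header")
    return {"src": ipv4_str(src), "dst": ipv4_str(dst), "ttl": ttl,
            "protocol": proto, "id": ident,
            "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
            # total_len bounds the payload so trailing Ethernet padding is dropped
            "payload": data[ihl:total_len]}


def dissect_tcp(data: bytes) -> Dict[str, Any]:
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window,
     _csum, _urg) = struct.unpack("!HHIIHHHH", data[:20])
    data_offset = (off_flags >> 12) * 4
    flag_bits = off_flags & 0x01FF
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": data[data_offset:]}


def dissect_frame(frame: bytes) -> Dict[str, Dict[str, Any]]:
    """Run the chain; each layer is decoded only if the layer below says it is present."""
    layers = {"eth": dissect_ethernet(frame)}
    if layers["eth"]["ethertype"] == ETHERTYPE_IPV4:
        layers["ip"] = dissect_ipv4(layers["eth"]["payload"])
        if layers["ip"]["protocol"] == IPPROTO_TCP:
            layers["tcp"] = dissect_tcp(layers["ip"]["payload"])
    return layers


def summarize(layers: Dict[str, Dict[str, Any]]) -> str:
    """One-line summary in the style of a packet-list row."""
    if "tcp" in layers:
        ip, tcp = layers["ip"], layers["tcp"]
        return (f"{ip['src']}:{tcp['src_port']} -> {ip['dst']}:{tcp['dst_port']} "
                f"TCP [{','.join(tcp['flags'])}] ttl={ip['ttl']} win={tcp['window']}")
    if "ip" in layers:
        ip = layers["ip"]
        return f"{ip['src']} -> {ip['dst']} IP proto={ip['protocol']}"
    eth = layers["eth"]
    return f"{eth['src_mac']} -> {eth['dst_mac']} ethertype=0x{eth['ethertype']:04x}"


# Constructed sample: Ethernet II + IPv4 + TCP SYN, 192.168.1.10:44321 -> 10.0.0.5:443.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"               # Ethernet: dst MAC, src MAC, type=IPv4
    "4500 0028 0001 4000 4006 6f18 c0a8010a 0a000005"   # IPv4: len 40, DF, ttl 64, proto 6, csum 0x6f18
    "ad21 01bb 00000000 00000000 5002 ffff 0000 0000"   # TCP: ports, seq/ack 0, offset 5, SYN, win 65535
)

if __name__ == "__main__":
    decoded = dissect_frame(SAMPLE_FRAME)
    print(summarize(decoded))
    for name, fields in decoded.items():
        print(f"[{name}]", {k: v for k, v in fields.items() if k != "payload"})
```

Running the file prints the packet-list style line `192.168.1.10:44321 -> 10.0.0.5:443 TCP [SYN] ttl=64 win=65535` followed by the per-layer fields. Two details are worth noticing because they are where hand-rolled parsers usually go wrong and where a real dissector earns its keep: the IPv4 payload is cut at `total_len` so Ethernet padding is not mistaken for TCP data, and a single flipped bit in the IP header turns `checksum_ok` false, which is the kind of corrupted or crafted-packet signal an analyst wants surfaced rather than silently decoded.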

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QWnLz5bwMsM/