Your devices talk with each other every day, and a packet capture tool can tell you a lot about the content of those conversations. Whether the problem is malicious communications, non-essential applications consuming lots of bandwidth, or high latency, a packet sniffer can show you what is happening on the wire.
Here is our list of the best packet capture tools:
- Paessler PRTG Network Monitor (FREE TRIAL) Network monitoring tool with a packet sniffing sensor and custom alerts system.
- SolarWinds Network Performance Monitor (FREE TRIAL) Network monitoring tool with a packet analyzer, quality of experience (QoE) dashboard and custom alerts.
- Wireshark Open-source packet analyzer that can capture and filter packets.
- ManageEngine NetFlow Analyzer NetFlow analyzer tool with reports and a threshold-based alerts system.
- Colasoft Capsa Network analyzer that supports over 1800 different protocols.
- Tcpdump Free command-line packet capture tool for UNIX that supports TCP, UDP, and ICMP.
- Kismet Wireless network detector, packet sniffer, and intrusion detection tool with 802.11 monitoring.
- Steel Central Packet Analyzer Plus Packet sniffing tool with customizable views, an alerts system, and reports.
The best packet capture tools
1. Paessler PRTG Network Monitor (FREE TRIAL)
Paessler PRTG Network Monitor is a network monitoring tool that has a packet sniffer/bandwidth monitoring function. For bandwidth monitoring, the software can monitor the availability, bandwidth usage, and upload/download speeds in real-time with SNMP and WMI.
There is a range of sensors you can use to monitor performance, including the Packet Sniffer sensor. The Packet Sniffer sensor analyzes IRC/AIM, Citrix, FTP/P2P, Mail, WWW, RDP, SSH, Telnet, and VNC traffic.
The sensor includes a breakdown of the Top Talkers, Top Connections, and Top Protocols. Each of these can be viewed as pie charts, making it easy to see how network resources are consumed between devices. Other statistics are broken down with charts and dials so that you can read them easily from a distance.
Configurable alerts let you know when network traffic usage is behaving unusually. The user can configure alerts to be sent by email, SMS, Slack message, push notification, Syslog message, SNMP trap, and more. You can also use automated responses such as executing a program or an HTTP action.
PRTG Network Monitor is a good place to start if you want a packet capture tool that’s easy to use. The software is free for less than 100 sensors. Paid versions start at $1,600 (£1,211). You can download the 30-day free trial.
2. SolarWinds Network Performance Monitor (FREE TRIAL)
SolarWinds Network Performance Monitor is a network monitoring platform with a network packet analyzer that can capture data from over 1,200 applications out of the box. With SolarWinds Network Performance Monitor you can measure packet transfer in real-time through the Quality of Experience (QoE) dashboard.
Through the dashboard, you can view services with the top response times on a graph. You can also view traffic types as categories such as destination IP address, port usage, and application type.
Custom alerts allow you to determine when you receive a notification on packet status. You can opt to receive alerts via email or SMS. To avoid false positives, the platform uses dynamic baselines to detect genuine performance deviations without overwhelming you with fake alerts.
SolarWinds Network Performance Monitor is a formidable network analyzer that’s easy to navigate and configure. The price of the program starts at $2,995 (£2,268). You can download a 30-day free trial.
3. Wireshark
Wireshark is a free, open-source packet analyzer you can use to inspect network traffic in real-time. You can start a capture and view the captured packet data on the screen in a table format. Once you've seen enough, you can press the stop button.
To help you navigate, you can use capture and display filters to cut down on the amount of traffic you see on screen. Once you've finished the capture you can export the results in plain text, XML, CSV, or PostScript.
Color coding also helps you to distinguish different types of traffic: for example, TCP traffic is shown in a different color to UDP traffic. You can change the color of different packet types by creating your own coloring rules to customize the traffic colors.
Wireshark is worth a look if you’re looking for a free traffic analyzer that’s accessible. The GUI and filter system make the tool hassle-free to use. The software is available for Windows, Linux, Mac OS, Solaris, FreeBSD, NetBSD, and more. You can download the program for free.
4. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a NetFlow analysis tool that supports NetFlow, sFlow, IPFIX, Netstream, J-Flow, and AppFlow. The tool allows you to view network traffic in real-time with graphs. To help make sense of the data more easily you can measure bandwidth by user, device, or application to see which entities are consuming the most resources. The top consumers can be viewed as pie charts.
Threshold-based alerts can be configured to notify you whenever traffic usage matches certain trigger conditions. Create alert profiles to determine when you receive alerts by email and SMS. Having notifications allows you to automatically be notified when your end-users experience performance issues.
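The difference between a fixed trigger condition (as in the NetFlow Analyzer alert profiles above) and the dynamic baselines mentioned for SolarWinds Network Performance Monitor is easiest to see on data. The following is an added illustration, not code from either product: it runs both approaches over a constructed week of hourly byte counts for one hypothetical host, where a scheduled backup every night at 02:00 is normal and a single daytime burst on the last day is the real deviation. The addresses, volumes and the 3-sigma rule are assumptions chosen for the example.

```python
"""Threshold alerts versus a dynamic baseline, run over a constructed week of
hourly per-host byte counts.  A fixed limit fires on every scheduled backup,
while a baseline built from the same hour on previous days only fires on the
genuine deviation."""
from statistics import mean, pstdev


def sample_week():
    """Constructed data (MB per hour for one hypothetical host 10.0.0.5):
    quiet nights, a busy working day, a nightly backup at 02:00, and one
    genuine burst on the last day at 14:00."""
    days = []
    for d in range(7):
        hours = []
        for h in range(24):
            if h == 2:
                mb = 900 + 5 * (d % 4)             # scheduled backup, every night
            elif 8 <= h <= 18:
                mb = 100 + 20 * ((d * 7 + h) % 5)  # working-hours traffic
            else:
                mb = 40 + 5 * ((d + h) % 3)        # overnight idle traffic
            hours.append(mb)
        days.append(hours)
    days[6][14] = 1200                             # the real anomaly
    return days


def static_threshold_alerts(days, limit_mb):
    """Fixed trigger condition: alert on any hour above a constant limit."""
    return [(d, h) for d, hours in enumerate(days)
            for h, mb in enumerate(hours) if mb > limit_mb]


def baseline_alerts(days, k=3.0, min_history=3):
    """Dynamic baseline: compare each hour with the same hour on previous days
    and alert only when it exceeds mean + k standard deviations."""
    alerts = []
    for d, hours in enumerate(days):
        for h, mb in enumerate(hours):
            history = [days[p][h] for p in range(d)]
            if len(history) < min_history:
                continue                           # not enough days to judge yet
            mu, sigma = mean(history), pstdev(history)
            # The floor on sigma stops a perfectly flat history from alerting on noise.
            if mb > mu + k * max(sigma, 1.0):
                alerts.append((d, h))
    return alerts


if __name__ == "__main__":
    week = sample_week()
    print("static threshold (600 MB):", static_threshold_alerts(week, 600))
    print("dynamic baseline:", baseline_alerts(week))
```

With a 600 MB limit the static rule raises eight alerts, seven of them for the nightly backup; the baseline rule raises only the one for day 6 at 14:00. The seasonal comparison (same hour, previous days) is what absorbs the scheduled peak; a plain rolling average over the preceding hours would still flag the backup.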
To follow up on performance issues you can create reports. When creating reports you can select the report type, data points used, report options, time period, device, and more. Creating reports allows you to reflect back on network usage over time.
ManageEngine NetFlow Analyzer is an excellent packet capture tool that's suitable for SMEs and midsize organizations. It's accessible, with a straightforward user interface. ManageEngine NetFlow Analyzer is available on Windows and Linux. You can download a free trial.
5. Colasoft Capsa
Colasoft Capsa is a network analyzer for Windows that can monitor packets in real-time. The software supports over 1800 different protocols that you can monitor through the dashboard. On the dashboard, you can view network usage as visual components like graphs and charts. For example, you can view graphs on Top Application Protocols by Bytes or Top IP Total Traffic by Bytes.
You can schedule packet capture scans to run at a specific time period, whether daily or weekly. Regular scans make sure that you don’t miss out on any evolving performance concerns. In the event that you do miss something, email and audio alerts keep you notified when a networking event needing your attention occurs.
Colasoft Capsa is recommended for enterprises that want a competitively priced network analyzer for Windows. The software starts at $995 (£753). You can download the free trial version.
6. Tcpdump
Tcpdump is an open-source, command-line packet analysis tool that captures protocols including TCP, UDP, and ICMP. The tool is included by default with a number of different Linux distributions and can be used to capture packets and view packet contents on the screen.
Once you start capturing, the software will continue to generate results until you send it an interrupt signal or it reaches the packet limit you specified. The tool can report counts of packets captured, received by the filter, and dropped by the kernel. You can also filter captured packets by source, destination, and protocol to help navigate.
Tcpdump isn’t as modern as some of the other tools on this list but its packet monitoring capabilities still hold up. Tcpdump is available on Unix. There is also a version of the tool available for Windows called WinDump. You can download the program for free.
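What tcpdump and Wireshark do with a capture, and what PRTG's Top Talkers and Top Protocols breakdown is built from, is a walk over the saved pcap records. The following added example (not code from tcpdump, Wireshark or any product above) implements that walk by hand: it reads the pcap file format, decodes Ethernet/IPv4 headers, applies a filter with the same semantics as `src host A and dst host B and tcp`, and reports the captured / received-by-filter counts together with per-protocol and top-talker byte totals. The capture itself is constructed inline with hypothetical 10.0.0.0/24 addresses, so it runs offline without root or a network interface; with a real file, `parse_pcap(open("trace.pcap", "rb").read())` works the same way for Ethernet captures.

```python
"""Minimal pcap reader.  Decodes Ethernet/IPv4 frames, applies a
tcpdump-style filter (src host / dst host / protocol) and produces the
packet counts and the Top Talkers / Top Protocols breakdown that the tools
above display.  The capture is constructed inline with hypothetical
10.0.0.0/24 addresses so the script runs offline."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4            # little-endian pcap, microsecond timestamps
ETH_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_frame(src, dst, proto, payload_len):
    """Construct one Ethernet + IPv4 frame carrying a zero-filled payload."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETH_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + b"\x00" * payload_len


def build_pcap(frames):
    """Wrap frames in a pcap global header plus per-packet record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: two hosts exchanging TCP, plus a third sending UDP and ICMP.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.9", 6, 1400),
    build_frame("10.0.0.5", "10.0.0.9", 6, 1400),
    build_frame("10.0.0.9", "10.0.0.5", 6, 60),
    build_frame("10.0.0.7", "10.0.0.9", 17, 300),
    build_frame("10.0.0.7", "10.0.0.9", 1, 64),
])


def parse_pcap(data):
    """Walk the pcap records and return one dict per IPv4 packet."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack("<IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        # Skip anything that is not a complete Ethernet + IPv4 header.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue
        packets.append({
            "ts": ts_sec,
            "src": ".".join(map(str, frame[26:30])),   # IPv4 source at Ethernet(14) + 12
            "dst": ".".join(map(str, frame[30:34])),   # IPv4 destination at Ethernet(14) + 16
            "proto": PROTO_NAMES.get(frame[23], str(frame[23])),
            "len": orig_len,
        })
    return packets


def matches(pkt, src_host=None, dst_host=None, proto=None):
    """Same semantics as 'src host A and dst host B and tcp' in tcpdump/Wireshark."""
    return ((src_host is None or pkt["src"] == src_host)
            and (dst_host is None or pkt["dst"] == dst_host)
            and (proto is None or pkt["proto"] == proto))


def summarize(packets, **flt):
    """Packet counts as tcpdump prints them, plus per-protocol and top-talker byte totals."""
    selected = [p for p in packets if matches(p, **flt)]
    talkers = Counter()
    for p in selected:
        talkers[p["src"]] += p["len"]
    return {
        "captured": len(packets),
        "received_by_filter": len(selected),
        "by_proto": dict(Counter(p["proto"] for p in selected)),
        "top_talkers": talkers.most_common(3),
    }


if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    print("all traffic:", summarize(pkts))
    print("src host 10.0.0.7:", summarize(pkts, src_host="10.0.0.7"))
    print("tcp and dst host 10.0.0.5:", summarize(pkts, proto="tcp", dst_host="10.0.0.5"))
```

The "dropped by kernel" figure that tcpdump also prints is not recoverable from a file: it counts packets the kernel never handed to the capture process, so only a live capture can report it. The reader deliberately ignores frames shorter than a full Ethernet + IPv4 header rather than raising, which is how a truncated record at the end of a real file should be treated.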
7. Kismet
Kismet is a wireless network detector, packet sniffer, and intrusion detection tool. Kismet supports 802.11 monitoring and can monitor network traffic passively, without leaving behind any fingerprints. In addition, the tool can also discover hidden networks that don't broadcast an SSID.
The software has a substantial amount of documentation and an active user community behind it, providing newbies with enough information to learn more about the program. There is also a range of plugins that you can use to extend the core features. For example, the Kestrel plugin provides you with live mapping so you can view the location of devices in the network.
Kismet is ideal for enterprises that want packet sniffing software with extra functions and a range of configuration options (although it isn't the easiest tool to use!). Kismet is available on Linux, macOS, and Windows 10 (under the WSL framework). You can download the program for free.
8. Steel Central Packet Analyzer Plus
Steel Central Packet Analyzer Plus is a packet analysis tool that allows you to monitor network traffic. The user can drag-and-drop views onto virtual interfaces to monitor network traffic through graphs and charts. You can switch between views of bandwidth usage, talkers and conversations, user activity, and more.
If you spot any problematic traffic then you can isolate it to take a closer look. However, if you don’t spot a problem you can rely on alerts. The alerts system allows you to set trigger conditions for notifications. Alerts can be configured for issues such as high bandwidth or round-trip time. You can also generate reports on network traffic in PDF, Word, and Excel formats.
Steel Central Packet Analyzer Plus is a good tool for those who want a simple GUI-based packet sniffer. Steel Central Packet Analyzer Plus integrates with Wireshark and Riverbed Steel Central Transaction Analyzer. If you want to view pricing information you will have to contact the sales team. You can download a free trial.
Regularly monitoring your network traffic is a must for making sure that your resource usage is being optimized. Packet analysis tools can be tremendously valuable for examining network conversations and finding inefficient communications and malicious cyber attacks.
With the range of options on the market, you have complete control over the type of monitoring experience you can go for. If you’re looking for a GUI-based tool then we recommend PRTG Network Monitor, because of its user-friendly interface and low price point.
Wireshark also stands up as a viable open-source alternative for less experienced users. Other tools like Tcpdump and Kismet are a good fit for those who are comfortable working with the command line.