iperf
TRANSCRIPT
Iperf is a tool to measure the bandwidth and the quality of a network link. Jperf can be associated with Iperf to provide a graphical frontend written in Java.
The network link is delimited by two hosts running Iperf.
The quality of a link can be tested as follows:- Latency (response time or RTT): can be measured with the Ping command.- Jitter (latency variation): can be measured with an Iperf UDP test.- Datagram loss: can be measured with an Iperf UDP test.
The bandwidth is measured through TCP tests.
To be clear, the difference between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) is that TCP use processes to check that the packets are correctly sent to the receiver whereas with UDP the packets are sent without any checks but with the advantage of being quicker than TCP.Iperf uses the different capacities of TCP and UDP to provide statistics about network links.
Finally, Iperf can be installed very easily on any UNIX/Linux or Microsoft Windows system. One host must be set as client, the other one as server.
Here is a diagram where Iperf is installed on a Linux and Microsoft Windows machine.Linux is used as the Iperf client and Windows as the Iperf server. Of course, it is also possible to use two Linux boxes.
Iperf tests:
no arg. -b -r -d -w
Default settings Data format Bi-directional bandwidth Simultaneous bi-directional bandwidth TCP Window size
-p, -t, -i -u, -b -m -M -P -h
Port, timing and interval UDP tests, bandwidth settings Maximum Segment Size display Maximum Segment Size settings Parallel tests help
Jperf:
no arg. -d -u, -b
Default settings Simultaneous bi-directional bandwidth UDP tests, bandwidth settings
Default Iperf settings:Also check "Jperf section.
By default, the Iperf client connects to the Iperf server on the TCP port 5001 and the bandwidth displayed by Iperf is the bandwidth from the client to the server.
If you want to use UDP tests, use the -u argument.The -d and -r Iperf client arguments measure the bi-directional bandwidths. (See further on this tutorial)
Client side:
#iperf -c 10.1.1.1
------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16384 Byte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 33453 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.2 sec 1.26 MBytes 1.05 Mbits/sec
Server side:
#iperf -s
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453 [ ID] Interval Transfer Bandwidth [852] 0.0-10.6 sec 1.26 MBytes 1.03 Mbits/sec
Data formatting: (-f argument)
The -f argument can display the results in the desired format: bits(b), bytes(B), kilobits(k), kilobytes(K), megabits(m), megabytes(M), gigabits(g) or gigabytes(G).Generally the bandwidth measures are displayed in bits (or Kilobits, etc ...) and an amount of data is displayed in bytes (or Kilobytes, etc ...).As a reminder, 1 byte is equal to 8 bits and, in the computer science world, 1 kilo is equal to 1024 (2^10).For example: 100'000'000 bytes is not equal to 100 Mbytes but to 100'000'000/1024/1024 = 95.37 Mbytes.
Client side:
#iperf -c 10.1.1.1 -f b
------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16384 Byte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 54953 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.2 sec 1359872 Bytes 1064272 bits/sec
Server side:
#iperf -s
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453 [ ID] Interval Transfer Bandwidth [852] 0.0-10.6 sec 920 KBytes 711 Kbits/sec
Top of the page
Bi-directional bandwidth measurement: (-r argument)
The Iperf server connects back to the client allowing the bi-directional bandwidth measurement. By default, only the bandwidth from the client to the server is measured.If you want to measure the bi-directional bandwidth simultaneously, use the -d keyword. (See next test.)
Client side:
#iperf -c 10.1.1.1 -r
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 5] local 10.6.2.5 port 35726 connected with 10.1.1.1 port 5001 [ 5] 0.0-10.0 sec 1.12 MBytes 936 Kbits/sec [ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 1640 [ 4] 0.0-10.1 sec 74.2 MBytes 61.7 Mbits/sec
Server side:
#iperf -s
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 54355 [ ID] Interval Transfer Bandwidth [852] 0.0-10.1 sec 1.15 MBytes 956 Kbits/sec ------------------------------------------------------------ Client connecting to 10.6.2.5, TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [824] local 10.1.1.1 port 1646 connected with 10.6.2.5 port 5001 [ ID] Interval Transfer Bandwidth [824] 0.0-10.0 sec 73.3 MBytes 61.4 Mbits/sec
Simultaneous bi-directional bandwidth measurement: (-d argument)Also check the "Jperf" section.
To measure the bi-directional bandwidths simultaneousely, use the -d argument. If you want to test the bandwidths sequentially, use the -r argument (see previous test).By default (ie: without the -r or -d arguments), only the bandwidth from the client to the server is measured.
Client side:
#iperf -c 10.1.1.1 -d
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 5] local 10.6.2.5 port 60270 connected with 10.1.1.1 port 5001 [ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 2643 [ 4] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec [ 5] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec
Server side:
#iperf -s
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 60270 ------------------------------------------------------------ Client connecting to 10.6.2.5, TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [800] local 10.1.1.1 port 2643 connected with 10.6.2.5 port 5001 [ ID] Interval Transfer Bandwidth [800] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec [852] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec
TCP Window size: (-w argument)
The TCP window size is the amount of data that can be buffered during a connection without a validation from the receiver. It can be between 2 and 65,535 bytes.On Linux systems, when specifying a TCP buffer size with the -w argument, the kernel allocates double as much as indicated.
Client side:
#iperf -c 10.1.1.1 -w 2000
WARNING: TCP window size set to 2000 bytes. A small window size will give poor performance. See the Iperf documentation. ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 3.91 KByte (WARNING: requested 1.95 KByte) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 51400 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.1 sec 704 KBytes 572 Kbits/sec
Server side:
#iperf -s -w 4000
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 3.91 KByte ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 51400 [ ID] Interval Transfer Bandwidth [852] 0.0-10.1 sec 704 KBytes 570 Kbits/sec
Communication port (-p), timing (-t) and interval (-i):
The Iperf server communication port can be changed with the -p argument. It must be configured on the client and the server with the same value, default is TCP port 5001. The -t argument specifies the test duration time in seconds, default is 10 secs. The -i argument indicates the interval in seconds between periodic bandwidth reports.
Client side:
#iperf -c 10.1.1.1 -p 12000 -t 20 -i 2
------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 12000 TCP window size: 16.0 KByte (default)
------------------------------------------------------------ [ 3] local 10.6.2.5 port 58316 connected with 10.1.1.1 port 12000 [ 3] 0.0- 2.0 sec 224 KBytes 918 Kbits/sec [ 3] 2.0- 4.0 sec 368 KBytes 1.51 Mbits/sec [ 3] 4.0- 6.0 sec 704 KBytes 2.88 Mbits/sec [ 3] 6.0- 8.0 sec 280 KBytes 1.15 Mbits/sec [ 3] 8.0-10.0 sec 208 KBytes 852 Kbits/sec [ 3] 10.0-12.0 sec 344 KBytes 1.41 Mbits/sec [ 3] 12.0-14.0 sec 208 KBytes 852 Kbits/sec [ 3] 14.0-16.0 sec 232 KBytes 950 Kbits/sec [ 3] 16.0-18.0 sec 232 KBytes 950 Kbits/sec [ 3] 18.0-20.0 sec 264 KBytes 1.08 Mbits/sec [ 3] 0.0-20.1 sec 3.00 MBytes 1.25 Mbits/sec
Server side:
#iperf -s -p 12000
------------------------------------------------------------ Server listening on TCP port 12000 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 12000 connected with 10.6.2.5 port 58316 [ ID] Interval Transfer Bandwidth [852] 0.0-20.1 sec 3.00 MBytes 1.25 Mbits/sec
UDP tests: (-u), bandwidth settings (-b)Also check the "Jperf" section.
The UDP tests with the -u argument will give invaluable information about the jitter and the packet loss. If you don't specify the -u argument, Iperf uses TCP. To keep a good link quality, the packet loss should not go over 1 %. A high packet loss rate will generate a lot of TCP segment retransmissions which will affect the bandwidth.
The jitter is basically the latency variation and does not depend on the latency. You can have high response times and a very low jitter. The jitter value is particularly important on network links supporting voice over IP (VoIP) because a high jitter can break a call.The -b argument allows the allocation if the desired bandwidth.
Client side:
#iperf -c 10.1.1.1 -u -b 10m
------------------------------------------------------------ Client connecting to 10.1.1.1, UDP port 5001 Sending 1470 byte datagrams UDP buffer size: 108 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 32781 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.0 sec 11.8 MBytes 9.89 Mbits/sec [ 3] Sent 8409 datagrams [ 3] Server Report: [ 3] 0.0-10.0 sec 11.8 MBytes 9.86 Mbits/sec 2.617 ms 9/ 8409 (0.11%)
Server side:
#iperf -s -u -i 1
------------------------------------------------------------ Server listening on UDP port 5001 Receiving 1470 byte datagrams UDP buffer size: 8.00 KByte (default) ------------------------------------------------------------ [904] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 32781 [ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams [904] 0.0- 1.0 sec 1.17 MBytes 9.84 Mbits/sec 1.830 ms 0/ 837 (0%)
[904] 1.0- 2.0 sec 1.18 MBytes 9.94 Mbits/sec 1.846 ms 5/ 850 (0.59%) [904] 2.0- 3.0 sec 1.19 MBytes 9.98 Mbits/sec 1.802 ms 2/ 851 (0.24%) [904] 3.0- 4.0 sec 1.19 MBytes 10.0 Mbits/sec 1.830 ms 0/ 850 (0%) [904] 4.0- 5.0 sec 1.19 MBytes 9.98 Mbits/sec 1.846 ms 1/ 850 (0.12%) [904] 5.0- 6.0 sec 1.19 MBytes 10.0 Mbits/sec 1.806 ms 0/ 851 (0%) [904] 6.0- 7.0 sec 1.06 MBytes 8.87 Mbits/sec 1.803 ms 1/ 755 (0.13%) [904] 7.0- 8.0 sec 1.19 MBytes 10.0 Mbits/sec 1.831 ms 0/ 850 (0%) [904] 8.0- 9.0 sec 1.19 MBytes 10.0 Mbits/sec 1.841 ms 0/ 850 (0%) [904] 9.0-10.0 sec 1.19 MBytes 10.0 Mbits/sec 1.801 ms 0/ 851 (0%) [904] 0.0-10.0 sec 11.8 MBytes 9.86 Mbits/sec 2.618 ms 9/ 8409 (0.11%)
Maximum Segment Size (-m argument) display:
The Maximum Segment Size (MSS) is the largest amount of data, in bytes, that a computer can support in a single, unfragmented TCP segment.It can be calculated as follows:MSS = MTU - TCP & IP headersThe TCP & IP headers are equal to 40 bytes.The MTU or Maximum Transmission Unit is the greatest amount of data that can be transferred in a frame.Here are some default MTU size for different network topology:Ethernet - 1500 bytes: used in a LAN. PPPoE - 1492 bytes: used on ADSL links. Token Ring (16Mb/sec) - 17914 bytes: old technology developed by IBM. Dial-up - 576 bytes
Generally, a higher MTU (and MSS) brings higher bandwidth efficiency
Client side:
#iperf -c 10.1.1.1 -m
------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41532 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.2 sec 1.27 MBytes 1.04 Mbits/sec [ 3] MSS size 1448 bytes (MTU 1500 bytes, ethernet)
Here the MSS is not equal to 1500 - 40 but to 1500 - 40 - 12 (Timestamps option) = 1448
Server side:
#iperf -s
Maximum Segment Size (-M argument) settings:
Use the -M argument to change the MSS. (See the previous test for more explanations about the MSS)
#iperf -c 10.1.1.1 -M 1300 -m
WARNING: attempt to set TCP maximum segment size to 1300, but got 536 ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41533 connected with 10.1.1.1 port 5001 [ 3] 0.0-10.1 sec 4.29 MBytes 3.58 Mbits/sec [ 3] MSS size 1288 bytes (MTU 1328 bytes, unknown interface)
Server side:
#iperf -s
Parallel tests (-P argument):
Use the -P argument to run parallel tests.
Client side:
#iperf -c 10.1.1.1 -P 2
------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41534 connected with 10.1.1.1 port 5001 [ 4] local 10.6.2.5 port 41535 connected with 10.1.1.1 port 5001 [ 4] 0.0-10.1 sec 1.35 MBytes 1.12 Mbits/sec [ 3] 0.0-10.1 sec 1.35 MBytes 1.12 Mbits/sec [SUM] 0.0-10.1 sec 2.70 MBytes 2.24 Mbits/sec
Server side:
#iperf -s
Iperf help:
#iperf -h
Usage: iperf [-s|-c host] [options] iperf [-h|--help] [-v|--version]
Client/Server:
-f-i-l-m-p-u-w-B-C-M-N-V
--format --interval --len --print_mss --port --udp --window --bind --compatibility --mss --nodelay --IPv6Version
[kmKM] # #[KM] # #[KM] "host" #
format to report: Kbits, Mbits, KBytes, MBytes seconds between periodic bandwidth reports length of buffer to read or write (default 8 KB) print TCP maximum segment size (MTU - TCP/IP header) server port to listen on/connect to use UDP rather than TCP TCP window size (socket buffer size) bind to "host", an interface or multicast address for use with older versions does not sent extra msgs set TCP maximum segment size (MTU - 40 bytes) set TCP no delay, disabling Nagle's Algorithm Set the domain to IPv6
Server specific:
-s-U-D
--server --single_udp --daemon
run in server mode run in single threaded UDP mode run the server as a daemon
Client specific:
-b --bandwidth #[KM] for UDP, bandwidth to send at in bits/sec (default 1 Mbit/sec, implies -u)
-c-d-n-r-t-F-I-L-P-T
--client --dualtest --num --tradeoff --time --fileinput --stdin --listenport --parallel --ttl
"host" #[KM] # "name" # # #
run in client mode, connecting to "host" Do a bidirectional test simultaneously number of bytes to transmit (instead of -t) Do a bidirectional test individually time in seconds to transmit for (default 10 secs) input the data to be transmitted from a file input the data to be transmitted from stdin port to recieve bidirectional tests back on number of parallel client threads to run time-to-live, for multicast (default 1)
Miscellaneous:
-h-v
--help --version
print this message and quit print version information and quit
Top of the page
JPERF
Jperf is a graphical frontend for Iperf written in Java.
1. Installation:
Download Jperf.
Linux
Uncompress the downloaded file:
#tar -xvf jperf2.0.0.zip
Launch Jperf.
#cd jperf2.0.0#./jperf.sh
If you have the following message, it means that you need to install Iperf with: "apt-get install iperf"
Iperf is probably not in your Path!Please download it here 'http://dast.nlanr.net/Projects/Iperf/'
and put the executable in your PATH environment variable.
Microsoft Windows
Uncompress the downloaded file with your favorite program.Access the uncompressed folder called by default "jperf2.0.0" and double-click on "jperf.bat". Note that the iperf utility is already present in the /bin folder.
2. Examples:
Default settings, bandwidth measurement:Also check "Iperf" section for more details.
- Linux client:
- Windows server:
Simultaneous bi-directional bandwidth measurement:
Also check "Iperf" section for more details.
- Linux client:
- Windows server:
Top of the page Jperf
Jitter measurement:
Also check "Iperf" section for more details.
- Linux client:
- Windows server:
Iperf Tool
Definition
Iperf is the network tool which is used to verify the wired and wireless link bandwidth and throughput. The
tool is helpful to check the health of the link, common thing people do is blame service providers when they
face any issue but it’s possible that problem could be at customer premises. End-to-end status can be
checked for both TCP and UDP will be discussed shortly in the below section.
Iperf is available for windows and Linux and can be easily available on internet for free of cost. It is an
executable file not requires any installation just directly run it as a server and client means two systems are
necessary for the process with the iperf running as a server in one machine and client on second machine.
Wikipedia Definition
Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the
throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement
written in C++.
Iperf allows the user to set various parameters that can be used for testing a network, or alternately for
optimizing or tuning a network. Iperf has a client and server functionality, and can measure the throughput
between the two ends, either unidirectonally or bi-directionally. It is open source software and runs on
various platforms including linux, unix and windows. It is supported by the National Laboratory for Applied
Network Research.
When used for testing udp capacity, Iperf allows the user to specify the datagram size and provides results
for the datagram throughput and the packet loss.
When used for testing tcp capacity, Iperf measures the throughput of the payload. One thing to note is that
Iperf uses 1024*1024 for Megabytes and 1000*1000 for Megabits. There is a GUI front end available called
jperf.
Typical Iperf output contains a timestamped report of the amount of data transferred and the throughput
measured.
Iperf is significant as it is a standardized tool that can be run over any network and output standardized
performance measurements. Thus it can be used for comparison of wired and wireless networking
equipment and technologies in an unbiased way. As it is open source, the measurement methodology can
be scrutinized by users.
Sequential flow
Figure-1 Infrastructure of the network
1. Connect host A and Host B with an Ethernet Cross cable (100 Mbps).
2. Assign IP addresses to host A and Host B.
Figure-2 Assigning IP to Host A and Host B
CHECK BANDWIDTH OF LINK
Host A IP Configuration Host B IP Configuration
3. The location of Iperf.exe is C drive.
Figure-4 iperf.exe location
4. Run Iperf as a Server on Host A as shown in the figures below.
Figure-5 Open command prompt on Host A
Figure-6 Run server process of Iperf on Host A
5. Now Host A working as a Server.
Figure-7 Iperf Process running on Host A
IPERF PROCESS
6. Server is prepared to listen for client connection, which will be in that case is Host
B running the client process as shown in the figures below.
Figure-8 Iperf.exe location on Host B (Client)
IPERF.EXE
Figure-9 Check the status of server
RUN DIALOG
Figure-10 Open the command prompt on client
Figure-11 Running Iperf process on Host A to connect Iperf Server
NOTE: To connect client with server, Ip address should be provided in correct format, host A must running
the server iperf process to listen for the client connection or connections on port 5001 by default.
7. Figure-11 displaying the result of default file transfer from client machine (Host B) to server machine (Host
A). Client machine using port 1063 to connect on the listening port of server which is by default port 5001.
The link bandwidth is 94.4 Mbits/sec Client transfers 113 Mbytes file to server as shown in the figure.
Figure-11 Transferring word document from client to server
Figure-12 transferring audio Mp3 format file from client to server
Figure-13 transferring Video Avi format file from client to server
Figure-14 Transferring movie file by establishing parallel connection with server
Figure-15 Messages on the server machine
8. To check the summary of commands use help.
Figure-16 Summary of commands in Iperf
Packet analyzerFrom Wikipedia, the free encyclopedia
This article relies largely or entirely upon a single source. Please help improve this article by introducing appropriate citations to additional sources. (November 2008)
A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular
types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece
of computer hardware that can intercept and log traffic passing over a digitalnetwork or part of a
network.[1] As data streams flow across the network, the sniffer captures each packet and, if
needed, decodes and analyzes its content according to the appropriate RFC or other
specifications.
Contents
[hide]
1 Capabilities
2 Uses
3 Notable free packet analyzers
4 Notable commercial packet analyzers
5 See also
6 References
7 External links
[edit]Capabilities
On wired broadcast LANs, depending on the network structure (hub or switch), one can capture traffic
on all or just parts of the network from a single machine within the network; however, there are some
methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the
network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all
data packets in a LAN by using a network switch with a so-called monitoring port, whose purpose is to
mirror all packets passing through all ports of the switch when systems (computers) are connected to a
switch port.
On wireless LANs, one can capture traffic on a particular channel.
On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine
running the sniffer software, multicasttraffic sent to a multicast group to which that machine is listening,
and broadcast traffic, the network adapter being used to capture the traffic must be put
into promiscuous mode; some sniffers support this, others don't. On wireless LANs, even if the adapter
is in promiscuous mode, packets not for the service set for which the adapter is configured will usually
be ignored. To see those packets, the adapter must be inmonitor mode.
The captured information is decoded from raw digital form into a human-readable format that permits
users of the protocol analyzer to easily review the exchanged information. Protocol analyzers vary in
their abilities to display data in multiple views, automatically detect errors, determine the root causes of
errors, generate timing diagrams, etc.
Some protocol analyzers can also generate traffic and thus act as the reference device; these can act
as protocol testers. Such testers generate protocol-correct traffic for functional testing, and may also
have the ability to deliberately introduce errors to test for the DUT's ability to deal with error conditions.
[edit]Uses
The versatility of packet sniffers means they can be used to:
Analyze network problems
Detect network intrusion attempts
Detect network misuse by internal and external users
Documenting regulatory compliance through logging all perimeter and endpoint traffic
Gain information for effecting a network intrusion
Isolate exploited systems
Monitor WAN bandwidth utilization
Monitor network usage (including internal and external users and systems)
Monitor data-in-motion
Monitor WAN and endpoint security status
Gather and report network statistics
Filter suspect content from network traffic
Serve as primary data source for day-to-day network monitoring and management
Spy on other network users and collect sensitive information such as passwords (depending
on any content encryption methods which may be in use)
Reverse engineer proprietary protocols used over the network
Debug client/server communications
Debug network protocol implementations
Verify adds, moves and changes
Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter,
proxy)
[edit]Notable free packet analyzers
For a more comprehensive list, see Comparison of packet analyzers .
Capsa Free
Cain and Abel
dSniff
ettercap
Microsoft Network Monitor
ngrep Network Grep
snoop
tcpdump
Wireshark (formerly known as Ethereal)
[edit]Notable commercial packet analyzers
Capsa Enterprise
Carnivore
Clarified Analyzer
CommView by TamoSoft
Congruity Inspector Software
Fluke Lanmeter
NetScout Sniffer Global Analyzer
NetScout Sniffer Portable Professional Analyzer
Network Instruments Observer
Niksun NetDetector
OPNET Technologies ACE Analyst
SkyGrabber
WildPackets OmniPeek (old name AiroPeek, EtherPeek)