Iperf is a tool to measure the bandwidth and the quality of a network link. Jperf can be associated with Iperf to provide a graphical frontend written in Java. 

The network link is delimited by two hosts running Iperf. 

The quality of a link can be tested as follows:- Latency (response time or RTT): can be measured with the Ping command.- Jitter (latency variation): can be measured with an Iperf UDP test.- Datagram loss: can be measured with an Iperf UDP test.

The bandwidth is measured through TCP tests. 

To be clear, the difference between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) is that TCP use processes to check that the packets are correctly sent to the receiver whereas with UDP the packets are sent without any checks but with the advantage of being quicker than TCP.Iperf uses the different capacities of TCP and UDP to provide statistics about network links. 

Finally, Iperf can be installed very easily on any UNIX/Linux or Microsoft Windows system. One host must be set as client, the other one as server.

Here is a diagram where Iperf is installed on a Linux and Microsoft Windows machine.Linux is used as the Iperf client and Windows as the Iperf server. Of course, it is also possible to use two Linux boxes. 

Iperf tests:

no arg. -b -r -d -w  

Default settings Data format Bi-directional bandwidth Simultaneous bi-directional bandwidth TCP Window size  

-p, -t, -i -u, -b -m -M -P -h

Port, timing and interval UDP tests, bandwidth settings Maximum Segment Size display Maximum Segment Size settings Parallel tests help

Jperf:

no arg. -d -u, -b

Default settings Simultaneous bi-directional bandwidth UDP tests, bandwidth settings

 Default Iperf settings:Also check "Jperf section. 

By default, the Iperf client connects to the Iperf server on the TCP port 5001 and the bandwidth displayed by Iperf is the bandwidth from the client to the server.

If you want to use UDP tests, use the -u argument.The -d and -r Iperf client arguments measure the bi-directional bandwidths. (See further on this tutorial)

 Client side:

#iperf -c 10.1.1.1

------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16384 Byte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 33453 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.2 sec   1.26 MBytes   1.05 Mbits/sec 

 Server side:

#iperf -s

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453 [ ID]   Interval          Transfer       Bandwidth [852]   0.0-10.6 sec   1.26 MBytes   1.03 Mbits/sec 

 Data formatting: (-f argument)

The -f argument can display the results in the desired format: bits(b), bytes(B), kilobits(k), kilobytes(K), megabits(m), megabytes(M), gigabits(g) or gigabytes(G).Generally the bandwidth measures are displayed in bits (or Kilobits, etc ...) and an amount of data is displayed in bytes (or Kilobytes, etc ...).As a reminder, 1 byte is equal to 8 bits and, in the computer science world, 1 kilo is equal to 1024 (2^10).For example: 100'000'000 bytes is not equal to 100 Mbytes but to 100'000'000/1024/1024 = 95.37 Mbytes.

 Client side:

#iperf -c 10.1.1.1 -f b

------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16384 Byte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 54953 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.2 sec   1359872 Bytes   1064272 bits/sec 

 Server side:

#iperf -s

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453 [ ID]   Interval          Transfer       Bandwidth [852]   0.0-10.6 sec   920 KBytes   711 Kbits/sec 

 Top of the page

 Bi-directional bandwidth measurement: (-r argument)

The Iperf server connects back to the client allowing the bi-directional bandwidth measurement. By default, only the bandwidth from the client to the server is measured.If you want to measure the bi-directional bandwidth simultaneously, use the -d keyword. (See next test.) 

 Client side:

#iperf -c 10.1.1.1 -r

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 5] local 10.6.2.5 port 35726 connected with 10.1.1.1 port 5001 [ 5]   0.0-10.0 sec   1.12 MBytes   936 Kbits/sec [ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 1640 [ 4]   0.0-10.1 sec   74.2 MBytes   61.7 Mbits/sec 

 Server side:

#iperf -s

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 54355 [ ID]   Interval          Transfer        Bandwidth [852]   0.0-10.1 sec   1.15 MBytes   956 Kbits/sec ------------------------------------------------------------ Client connecting to 10.6.2.5, TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [824] local 10.1.1.1 port 1646 connected with 10.6.2.5 port 5001 [ ID]   Interval          Transfer        Bandwidth [824]   0.0-10.0 sec   73.3 MBytes   61.4 Mbits/sec 

 Simultaneous bi-directional bandwidth measurement: (-d argument)Also check the "Jperf" section.

To measure the bi-directional bandwidths simultaneousely, use the -d argument. If you want to test the bandwidths sequentially, use the -r argument (see previous test).By default (ie: without the -r or -d arguments), only the bandwidth from the client to the server is measured. 

 Client side:

#iperf -c 10.1.1.1 -d

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 5] local 10.6.2.5 port 60270 connected with 10.1.1.1 port 5001 [ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 2643 [ 4] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec [ 5] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec 

 Server side:

#iperf -s

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 60270 ------------------------------------------------------------ Client connecting to 10.6.2.5, TCP port 5001 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [800] local 10.1.1.1 port 2643 connected with 10.6.2.5 port 5001 [ ID]   Interval          Transfer       Bandwidth [800]   0.0-10.0 sec   76.3 MBytes   63.9 Mbits/sec [852]   0.0-10.1 sec   1.55 MBytes   1.29 Mbits/sec 

 TCP Window size: (-w argument)

The TCP window size is the amount of data that can be buffered during a connection without a validation from the receiver. It can be between 2 and 65,535 bytes.On Linux systems, when specifying a TCP buffer size with the -w argument, the kernel allocates double as much as indicated. 

 Client side:

#iperf -c 10.1.1.1 -w 2000

WARNING: TCP window size set to 2000 bytes. A small window size will give poor performance. See the Iperf documentation. ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 3.91 KByte (WARNING: requested 1.95 KByte) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 51400 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.1 sec   704 KBytes   572 Kbits/sec 

 Server side:

#iperf -s -w 4000

------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 3.91 KByte ------------------------------------------------------------ [852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 51400 [ ID]   Interval          Transfer       Bandwidth [852]   0.0-10.1 sec   704 KBytes   570 Kbits/sec 

 Communication port (-p), timing (-t) and interval (-i):

The Iperf server communication port can be changed with the -p argument. It must be configured on the client and the server with the same value, default is TCP port 5001. The -t argument specifies the test duration time in seconds, default is 10 secs. The -i argument indicates the interval in seconds between periodic bandwidth reports. 

 Client side:

#iperf -c 10.1.1.1 -p 12000 -t 20 -i 2

------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 12000 TCP window size: 16.0 KByte (default) 

------------------------------------------------------------ [ 3] local 10.6.2.5 port 58316 connected with 10.1.1.1 port 12000 [ 3]    0.0- 2.0 sec    224 KBytes    918 Kbits/sec [ 3]    2.0- 4.0 sec    368 KBytes    1.51 Mbits/sec [ 3]    4.0- 6.0 sec    704 KBytes    2.88 Mbits/sec [ 3]    6.0- 8.0 sec    280 KBytes    1.15 Mbits/sec [ 3]    8.0-10.0 sec    208 KBytes    852 Kbits/sec [ 3]   10.0-12.0 sec   344 KBytes    1.41 Mbits/sec [ 3]   12.0-14.0 sec   208 KBytes    852 Kbits/sec [ 3]   14.0-16.0 sec   232 KBytes    950 Kbits/sec [ 3]   16.0-18.0 sec   232 KBytes    950 Kbits/sec [ 3]   18.0-20.0 sec   264 KBytes    1.08 Mbits/sec [ 3]    0.0-20.1 sec   3.00 MBytes   1.25 Mbits/sec 

 Server side:

#iperf -s -p 12000

------------------------------------------------------------ Server listening on TCP port 12000 TCP window size: 8.00 KByte (default) ------------------------------------------------------------ [852] local 10.1.1.1 port 12000 connected with 10.6.2.5 port 58316 [ ID] Interval Transfer Bandwidth [852]   0.0-20.1 sec   3.00 MBytes   1.25 Mbits/sec 

 UDP tests: (-u), bandwidth settings (-b)Also check the "Jperf" section.

The UDP tests with the -u argument will give invaluable information about the jitter and the packet loss. If you don't specify the -u argument, Iperf uses TCP. To keep a good link quality, the packet loss should not go over 1 %. A high packet loss rate will generate a lot of TCP segment retransmissions which will affect the bandwidth.

The jitter is basically the latency variation and does not depend on the latency. You can have high response times and a very low jitter. The jitter value is particularly important on network links supporting voice over IP (VoIP) because a high jitter can break a call.The -b argument allows the allocation if the desired bandwidth. 

 Client side:

#iperf -c 10.1.1.1 -u -b 10m

------------------------------------------------------------ Client connecting to 10.1.1.1, UDP port 5001 Sending 1470 byte datagrams UDP buffer size: 108 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 32781 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.0 sec   11.8 MBytes   9.89 Mbits/sec [ 3] Sent 8409 datagrams [ 3] Server Report: [ 3]   0.0-10.0 sec   11.8 MBytes   9.86 Mbits/sec   2.617 ms   9/ 8409   (0.11%) 

 Server side:

#iperf -s -u -i 1

------------------------------------------------------------ Server listening on UDP port 5001 Receiving 1470 byte datagrams UDP buffer size: 8.00 KByte (default) ------------------------------------------------------------ [904] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 32781 [ ID]   Interval         Transfer        Bandwidth         Jitter        Lost/Total Datagrams [904]   0.0- 1.0 sec   1.17 MBytes   9.84 Mbits/sec   1.830 ms   0/ 837   (0%) 

[904]   1.0- 2.0 sec   1.18 MBytes   9.94 Mbits/sec   1.846 ms   5/ 850   (0.59%) [904]   2.0- 3.0 sec   1.19 MBytes   9.98 Mbits/sec   1.802 ms   2/ 851   (0.24%) [904]   3.0- 4.0 sec   1.19 MBytes   10.0 Mbits/sec   1.830 ms   0/ 850   (0%) [904]   4.0- 5.0 sec   1.19 MBytes   9.98 Mbits/sec   1.846 ms   1/ 850   (0.12%) [904]   5.0- 6.0 sec   1.19 MBytes   10.0 Mbits/sec   1.806 ms   0/ 851   (0%) [904]   6.0- 7.0 sec   1.06 MBytes   8.87 Mbits/sec   1.803 ms   1/ 755   (0.13%) [904]   7.0- 8.0 sec   1.19 MBytes   10.0 Mbits/sec   1.831 ms   0/ 850   (0%) [904]   8.0- 9.0 sec   1.19 MBytes   10.0 Mbits/sec   1.841 ms   0/ 850   (0%) [904]   9.0-10.0 sec   1.19 MBytes   10.0 Mbits/sec   1.801 ms   0/ 851   (0%) [904]   0.0-10.0 sec   11.8 MBytes   9.86 Mbits/sec   2.618 ms   9/ 8409  (0.11%) 

 Maximum Segment Size (-m argument) display:

The Maximum Segment Size (MSS) is the largest amount of data, in bytes, that a computer can support in a single, unfragmented TCP segment.It can be calculated as follows:MSS = MTU - TCP & IP headersThe TCP & IP headers are equal to 40 bytes.The MTU or Maximum Transmission Unit is the greatest amount of data that can be transferred in a frame.Here are some default MTU size for different network topology:Ethernet - 1500 bytes: used in a LAN. PPPoE - 1492 bytes: used on ADSL links. Token Ring (16Mb/sec) - 17914 bytes: old technology developed by IBM. Dial-up - 576 bytes 

Generally, a higher MTU (and MSS) brings higher bandwidth efficiency

 Client side:

#iperf -c 10.1.1.1 -m

------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41532 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.2 sec   1.27 MBytes   1.04 Mbits/sec [ 3] MSS size 1448 bytes (MTU 1500 bytes, ethernet) 

Here the MSS is not equal to 1500 - 40 but to 1500 - 40 - 12 (Timestamps option) = 1448

 Server side:

#iperf -s

 Maximum Segment Size (-M argument) settings:

Use the -M argument to change the MSS. (See the previous test for more explanations about the MSS)

#iperf -c 10.1.1.1 -M 1300 -m

WARNING: attempt to set TCP maximum segment size to 1300, but got 536 ------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41533 connected with 10.1.1.1 port 5001 [ 3]   0.0-10.1 sec   4.29 MBytes   3.58 Mbits/sec [ 3] MSS size 1288 bytes (MTU 1328 bytes, unknown interface) 

 Server side:

#iperf -s

 Parallel tests (-P argument):

Use the -P argument to run parallel tests.

 Client side:

#iperf -c 10.1.1.1 -P 2

------------------------------------------------------------ Client connecting to 10.1.1.1, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.6.2.5 port 41534 connected with 10.1.1.1 port 5001 [ 4] local 10.6.2.5 port 41535 connected with 10.1.1.1 port 5001 [ 4]     0.0-10.1 sec   1.35 MBytes   1.12 Mbits/sec [ 3]     0.0-10.1 sec   1.35 MBytes   1.12 Mbits/sec [SUM]  0.0-10.1 sec   2.70 MBytes   2.24 Mbits/sec 

 Server side:

#iperf -s

 Iperf help:

#iperf -h

Usage: iperf [-s|-c host] [options] iperf [-h|--help] [-v|--version] 

Client/Server: 

-f-i-l-m-p-u-w-B-C-M-N-V

--format --interval --len --print_mss --port --udp --window --bind --compatibility --mss --nodelay --IPv6Version

[kmKM] # #[KM]   #   #[KM] "host"   #    

format to report: Kbits, Mbits, KBytes, MBytes seconds between periodic bandwidth reports length of buffer to read or write (default 8 KB) print TCP maximum segment size (MTU - TCP/IP header) server port to listen on/connect to use UDP rather than TCP TCP window size (socket buffer size) bind to "host", an interface or multicast address for use with older versions does not sent extra msgs set TCP maximum segment size (MTU - 40 bytes) set TCP no delay, disabling Nagle's Algorithm Set the domain to IPv6

Server specific: 

-s-U-D

--server --single_udp --daemon

                 

run in server mode run in single threaded UDP mode run the server as a daemon

Client specific: 

-b --bandwidth      #[KM]   for UDP, bandwidth to send at in bits/sec (default 1 Mbit/sec, implies -u) 

-c-d-n-r-t-F-I-L-P-T

--client --dualtest --num --tradeoff --time --fileinput --stdin --listenport --parallel --ttl

"host"   #[KM]   # "name"   # # #

run in client mode, connecting to "host" Do a bidirectional test simultaneously number of bytes to transmit (instead of -t) Do a bidirectional test individually time in seconds to transmit for (default 10 secs) input the data to be transmitted from a file input the data to be transmitted from stdin port to recieve bidirectional tests back on number of parallel client threads to run time-to-live, for multicast (default 1)

Miscellaneous: 

-h-v

--help --version

                    

print this message and quit print version information and quit

 Top of the page

 

JPERF

Jperf is a graphical frontend for Iperf written in Java.

 1. Installation:

Download Jperf. 

 Linux

Uncompress the downloaded file: 

#tar -xvf jperf2.0.0.zip

Launch Jperf. 

#cd jperf2.0.0#./jperf.sh

If you have the following message, it means that you need to install Iperf with: "apt-get install iperf"

Iperf is probably not in your Path!Please download it here 'http://dast.nlanr.net/Projects/Iperf/'

and put the executable in your PATH environment variable. 

 Microsoft Windows

Uncompress the downloaded file with your favorite program.Access the uncompressed folder called by default "jperf2.0.0" and double-click on "jperf.bat". Note that the iperf utility is already present in the /bin folder.

 2. Examples:

 Default settings, bandwidth measurement:Also check "Iperf" section for more details.

- Linux client:

- Windows server:

 Simultaneous bi-directional bandwidth measurement:

Also check "Iperf" section for more details.

- Linux client:

- Windows server:

 Top of the page      Jperf

 Jitter measurement:

Also check "Iperf" section for more details.

- Linux client:

- Windows server:

http://openmaniak.com/jperf/jperf_win_jitter.gif

Iperf Tool

Definition

Iperf is the network   tool  which is used to verify the wired and wireless link bandwidth and throughput. The

tool is helpful to check the health of the link, common thing people do is blame service   providers  when they

face any issue but it’s possible that problem could be at customer premises. End-to-end status can be

checked for both TCP and UDP will be discussed shortly in the below section.

Iperf is available for windows and Linux and can be easily available on internet for free of cost. It is an

executable file not requires any installation just directly run it as a server and client means two systems are

necessary for the process with the iperf running as a server in one machine and client on second machine.

Wikipedia Definition

Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the

throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement

written in C++.

Iperf allows the user to set various parameters that can be used for testing a network, or alternately for

optimizing or tuning a network. Iperf has a client and server functionality, and can measure the throughput

between the two ends, either unidirectonally or bi-directionally. It is open source software and runs on

various platforms including linux, unix and windows. It is supported by the National Laboratory for Applied

Network Research.

When used for testing udp capacity, Iperf allows the user to specify the datagram size and provides results

for the datagram throughput and the packet loss.

When used for testing tcp capacity, Iperf measures the throughput of the payload. One thing to note is that

Iperf uses 1024*1024 for Megabytes and 1000*1000 for Megabits. There is a GUI front end available called

jperf.

Typical Iperf output contains a timestamped report of the amount of data transferred and the throughput

measured.

Iperf is significant as it is a standardized tool that can be run over any network and output standardized

performance measurements. Thus it can be used for comparison of wired and wireless networking

equipment and technologies in an unbiased way. As it is open source, the measurement methodology can

be scrutinized by users.

 

 

Sequential flow 

Figure-1 Infrastructure of the network

 

1. Connect host A and Host B with an Ethernet Cross cable (100 Mbps).

2. Assign IP addresses to host A and Host B.

Figure-2 Assigning IP to Host A and Host B

CHECK BANDWIDTH OF LINK

Host A IP Configuration Host B IP Configuration

  

3. The location of Iperf.exe is C drive.

Figure-4 iperf.exe location

 

4. Run Iperf as a Server on Host A as shown in the figures below.

Figure-5 Open command prompt on Host A

 

Figure-6 Run server process of Iperf on Host A

 

5. Now Host A working as a Server.

 

Figure-7 Iperf Process running on Host A

 

IPERF PROCESS

6. Server is prepared to listen for client connection, which will be in that case is Host

B running the client process as shown in the figures below.

Figure-8 Iperf.exe location on Host B (Client)

 

IPERF.EXE

Figure-9 Check the status of server

 

RUN DIALOG

Figure-10 Open the command prompt on client

 

Figure-11 Running Iperf process on Host A to connect Iperf Server

 

NOTE: To connect client with server, Ip address should be provided in correct format, host A must running

the server iperf process to listen for the client connection or connections on port 5001 by default.

 

7. Figure-11 displaying the result of default file transfer from client machine (Host B) to server machine (Host

A). Client machine using port 1063 to connect on the listening port of server which is by default port 5001.

The link bandwidth is 94.4 Mbits/sec Client transfers 113 Mbytes file to server as shown in the figure.

Figure-11 Transferring word document from client to server

 

Figure-12 transferring audio Mp3 format file from client to server

 

 

Figure-13 transferring Video Avi format file from client to server

 

Figure-14 Transferring movie file by establishing parallel connection with server

  

Figure-15 Messages on the server machine

 

8. To check the summary of commands use help.

Figure-16 Summary of commands in Iperf

Packet analyzerFrom Wikipedia, the free encyclopedia

This article relies largely or entirely upon a single source. Please help improve this article by introducing appropriate citations to additional sources. (November 2008)

A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular

types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece

of computer hardware that can intercept and log traffic passing over a digitalnetwork or part of a

network.[1] As data streams flow across the network, the sniffer captures each packet and, if

needed, decodes and analyzes its content according to the appropriate RFC or other

specifications.

Contents

 [hide]

1   Capabilities

2   Uses

3   Notable free packet analyzers

4   Notable commercial packet analyzers

5   See also

6   References

7   External links

[edit]Capabilities

On wired broadcast LANs, depending on the network structure (hub or switch), one can capture traffic

on all or just parts of the network from a single machine within the network; however, there are some

methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the

network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all

data packets in a LAN by using a network switch with a so-called monitoring port, whose purpose is to

mirror all packets passing through all ports of the switch when systems (computers) are connected to a

switch port.

On wireless LANs, one can capture traffic on a particular channel.

On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine

running the sniffer software, multicasttraffic sent to a multicast group to which that machine is listening,

and broadcast traffic, the network adapter being used to capture the traffic must be put

into promiscuous mode; some sniffers support this, others don't. On wireless LANs, even if the adapter

is in promiscuous mode, packets not for the service set for which the adapter is configured will usually

be ignored. To see those packets, the adapter must be inmonitor mode.

The captured information is decoded from raw digital form into a human-readable format that permits

users of the protocol analyzer to easily review the exchanged information. Protocol analyzers vary in

their abilities to display data in multiple views, automatically detect errors, determine the root causes of

errors, generate timing diagrams, etc.

Some protocol analyzers can also generate traffic and thus act as the reference device; these can act

as protocol testers. Such testers generate protocol-correct traffic for functional testing, and may also

have the ability to deliberately introduce errors to test for the DUT's ability to deal with error conditions.

[edit]Uses

The versatility of packet sniffers means they can be used to:

Analyze network problems

Detect network intrusion attempts

Detect network misuse by internal and external users

Documenting regulatory compliance through logging all perimeter and endpoint traffic

Gain information for effecting a network intrusion

Isolate exploited systems

Monitor WAN bandwidth utilization

Monitor network usage (including internal and external users and systems)

Monitor data-in-motion

Monitor WAN and endpoint security status

Gather and report network statistics

Filter suspect content from network traffic

Serve as primary data source for day-to-day network monitoring and management

Spy on other network users and collect sensitive information such as passwords (depending

on any content encryption methods which may be in use)

Reverse engineer  proprietary protocols used over the network

Debug client/server communications

Debug network protocol implementations

Verify adds, moves and changes

Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter,

proxy)

[edit]Notable free packet analyzers

For a more comprehensive list, see Comparison of packet analyzers .

Capsa  Free

Cain and Abel

dSniff

ettercap

Microsoft Network Monitor

ngrep  Network Grep

snoop

tcpdump

Wireshark  (formerly known as Ethereal)

[edit]Notable commercial packet analyzers

Capsa  Enterprise

Carnivore

Clarified Analyzer

CommView  by TamoSoft

Congruity Inspector Software

Fluke Lanmeter

NetScout  Sniffer Global Analyzer

NetScout  Sniffer Portable Professional Analyzer

Network Instruments  Observer

Niksun  NetDetector

OPNET Technologies  ACE Analyst

SkyGrabber

WildPackets OmniPeek (old name AiroPeek, EtherPeek)