Recently I started a course about cybersecurity and honestly, I find the topic very interesting. One of the modules of the course talks about packet analyzers to inspect the traffic in a network.
So, I started to look for the most used Packet Analyzers in the market and found Tcpdump and Wireshark. But I wanted to find out if there are any others. I didn't find many alternatives, but two others like Sniffnet and Arkime.
Also, I want to make clear that I'm new to this topic, and I'm not an expert or a cybersecurity professional.
What is a packet analyzer?
As it says on this Wikipedia page, a packet analyzer, also known as a packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic.
Tcpdump
According to this Wikipedia page, tcpdump is a free data-network packet analyzer command line interface. That allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Wireshark
Wireshark is one of the world's most used network protocol analyzers. It lets you see what's happening on your network at a microscopic level. Sometimes it is the de facto standard across many industries and educational institutions.
Wireshark is a project that started in 1998 and is continuously developing thanks to the contributions of networking experts across the globe.
Sniffnet
Sniffnet is a completely free and open-source desktop application written in Rust using Iced. This a relatively new project that started in 2022.
Features:
Choose a network adapter for your PC to inspect
Select a set of filters to apply to the observed traffic.
View overall statistics about your Internet traffic.
View real-time charts about traffic intensity (bytes and packets per second, incoming and outgoing).
Get details about domain names and network providers of the hosts you are exchanging traffic with.
Identify connections in your local network.
Get information about the country of the remote hosts (IP geolocation).
Save your favorite network hosts.
Set custom notifications to inform you when defined network events occur.
Choose the style that fits you the most from 4 different available themes.
Inspect each of your network connections in real time.
Save complete textual reports with detailed information for each network connection:
Source and destination IP addresses.
Source and destination ports.
Carried protocols.
Amount of exchanged packets and bytes.
Initial and final timestamp of information exchange.
Arkime
Arkime is an open-source, large-scale, full packet capturing, indexing, and database system written in Javascript.
As its README says:
Arkime exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.
Arkime is built to be deployed across many systems and can scale to handle tens of gigabits/sec of traffic.
Conclusion
This was not an extensive list, and probably there a more open source packet analyzers. Still, the ones in this article are really good options to explore if you are interested in cybersecurity and forensics.