Previously, purchasing a protocol analyzer was cost-prohibitive for most. High-end analyzers such as Network General (now Network Associates), HP, Wandel & Goltermann, and Shomiti cost thousands. Having personally spent over $50,000 on various analyzers, I am elated with the features and capabilities of FREE analyzers available today.
I'm particularly impressed with a free, open-source analyzer called Wireshark and have decided to use it for the examples presented throughout this book. Though Wireshark's installation and user interface can be cumbersome, it has very extensive decoding capabilities, often rivaling commercial analyzers.
Download Wireshark here: https://www.wireshark.org/

WARNING: Protocol analyzers hook into kernel drivers at an extremely low level. They can also be very CPU and I/O intensive when used to monitor a busy network. I highly recommend you install your analyzer on a dedicated, non-critical host, and NOT on critical PCs or servers.
Also, analyzers enable you to view every byte of every packet that transits your network. Since sensitive communication is often unencrypted (e.g. email, telnet, etc.), make sure you are careful about who you allow to use an analyzer on your network and what you do with packet traces that you capture and save. If you are planning on using an analyzer on anything but your own personal network, you should discuss it first with your manager and/or legal counsel to ensure that it doesn't violate any privacy policies that may be in place.
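To make the "every byte of every packet" point concrete, here is a small added example (not code from the book or from the Wireshark project) that does, in a few dozen lines, the most basic thing an analyzer does: peel the Ethernet, IPv4 and TCP headers off a frame and hand back the application payload. The frame is constructed inline rather than captured, it carries a cleartext SMTP command, and its IP and TCP checksums are left at zero because the decoder does not verify them. The decoder also trims Ethernet padding using the IPv4 total-length field, a small edge case that trips up naive payload extraction.

```python
import struct

# Constructed sample payload (not from a real capture): one cleartext SMTP command.
SMTP_PAYLOAD = b"MAIL FROM:<alice@example.com>\r\n"


def build_frame(payload: bytes) -> bytes:
    """Assemble Ethernet + IPv4 + TCP + payload. Checksums are left zero on purpose."""
    eth = (bytes.fromhex("001122334455")        # destination MAC (made up)
           + bytes.fromhex("66778899aabb")      # source MAC (made up)
           + struct.pack("!H", 0x0800))         # EtherType: IPv4
    # src port 40123, dst port 25 (SMTP), seq, ack, data offset 5 words, flags PSH+ACK
    tcp = struct.pack("!HHIIBBHHH", 40123, 25, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,   # proto 6 = TCP
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 25]))  # RFC 5737 test addresses
    return eth + ip + tcp + payload


def decode_frame(frame: bytes) -> dict:
    """Return addresses, ports, TCP flags and the raw application payload of one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 length fields")
    if proto != 6:
        raise ValueError(f"not TCP (protocol {proto})")

    # Slice to total_len so trailing Ethernet padding never leaks into the payload.
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", tcp[:14])
    doff = (off_res >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError("bad TCP data offset")
    payload = tcp[doff:]

    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "ttl": ttl,
        "sport": sport,
        "dport": dport,
        "flags": flags,
        "payload": payload,
        # Whatever the application sent is readable as-is; here it is an SMTP command.
        "text": payload.decode("ascii", errors="replace"),
    }


if __name__ == "__main__":
    info = decode_frame(build_frame(SMTP_PAYLOAD))
    print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} "
          f"flags=0x{info['flags']:02x} payload={info['text']!r}")
```

Run stand-alone, the script prints the conversation endpoints and the SMTP command in the clear, which is exactly what anyone holding a trace of unencrypted traffic can read; the same decoder applied to a TLS session would return only ciphertext in `payload`.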