WildPackets is best known for corporately priced advanced network analysis tools. Could this be about to change thanks to their first commercially developed, yet free, expert network analyzer? We take a look at OmniPeek Personal to find out.
There is a new version of the Google Map Plugin available now for OmniPeek that maps all the captured nodes and refreshes at an interval of the users choosing. It is addicting, particularly when used with the Remote TCPDump Adapter to capture packets from your web server.
We are now working on the next version that will map expert events to the Google Map as well. Lots of possibilties here and keep in mind we have published the source code to the Google Map Plugin as well as many of the other plugins on the WildPackets Developer Network.
Fair read...just a note; the wireless analyzer does in fact capture control/management traffic with a supported adapter and driver. You may have been capturing traffic from an unsupported adapter -this method of capture will only 'see' traffic on your associated connection and converts wireless frames to Ethernet frames, excluding management traffic...much like Ethereal would -oops, I mean 'Wireshark' would without a supported wireless driver/adapter.
This article should be titled "A review of OmniPeek Personal". This article is very heavy on OmniPeek and very light on WireShark (incomplete).
The following statement is incorrect (on Page 3):
"All too often free network analysis tools require the ongoing analysis to be stopped in order to be able to change what is being looked at." Correction: Wireshark can also do this. Within the Display options for the interface, select 'Update list of packets in real time' as well as 'Auto-Scrol'. These options can be enabled globally via Edit Preferences, Capture. (the developers of WireShark give you several options here). Now, lets say you want to see something in particular, (while a capture is running), click statistics, conversations and then tcp (just as an example) apply as filter, selected, a<->b. Now you are looking at only those specific ip addresses and the information in your window will update based on the filter.
With WireShark you can also get real time troubleshooting. While capturing packets, right off the bat from Wireshark, I see a tcp window update analysis. Another example, with TCP, you can perform a filter using the tcp.analysis filters (I'm just focusing on tcp as an example).
Filter creation is just a right click away within WireShark. Right click select follow tcp stream. Or right click, apply as filter or prepare as filter - both are great options.
There's a reason for not performing analysis while capturing packets. The reason is that eventually you will hit a breaking point in which utilization exceeds that capability to perform analysis on every packet passing by. Hence your packet capture utility may be dropping packets on you and giving you false information. I can't say for sure whether either one of these tools performs well in this scenario, I just wanted to provide a reason as to why some tools do not show packets as they are capturing. Displayig expert information while grabbing packets has its price to be paid at some point.