What are, in your opinion, the best tools for packet analysis?
If I were to be asked what tool I couldn't live without then it would definitely be Wireshark. Analyzing things at "the packet level" is really where the meat of network analysis is, and to do that you have to have a proper packet sniffing application. There are quite a few of these out there, but Wireshark has always been my favorite for several reasons. First, it is one of the most widely used and accepted packet sniffers, so support is pretty readily available through its large community. Secondly, it has a nice GUI for those who fear the command line, but provides a command line alternative in the form of tshark. Along with these two things, it also uses the WinPcap capture driver, which puts captured packets in a standardized format so that they can be exported to other applications if the need arises, allowing for great flexibility. Throw in the fact that it is freely distributed and it is really hard to beat.
Outweighing all of these is the fact that Wireshark is what I am comfortable with. I have found several people who are completely ineffective with Wireshark and will only use an application such as tcpdump, which is absolutely fine. Again, it's all about what tools you are most comfortable with using.