Interview with Chris Sanders, Author of "Practical Packet Analysis"
by Mirko Zorz - Wednesday, 2 April 2008.
Chris Sanders is a Senior Support Engineer for KeeFORCE, a technology consulting firm. Chris writes and speaks on various topics including packet analysis, network security, Microsoft technologies, and general network administration.

What are, in your opinion, the best tools for packet analysis?

If I were to be asked what tool I couldn't live without, then it would definitely be Wireshark. Analyzing things at "the packet level" is really where the meat of network analysis is, and to do that you have to have a proper packet sniffing application. There are quite a few of these out there, but Wireshark has always been my favorite for several reasons. First, it is one of the most widely used and accepted packet sniffers, so support is pretty readily available through its large community. Secondly, it has a nice GUI for those who fear the command line, but provides a command line alternative in the form of tshark. Along with these two things, it also uses the WinPcap capture driver, which puts captured packets in a standardized format so that they can be exported to other applications if the need arises, allowing for great flexibility. Throw in the fact that it is freely distributed and it is really hard to beat.


Outweighing all of these is the fact that Wireshark is what I am comfortable with. I have found several people who are completely ineffective with Wireshark and will only use an application such as tcpdump, which is absolutely fine. Again, it's all about what tools you are most comfortable with using.

COPYRIGHT 1998-2013 BY HELP NET SECURITY.