This post is from Simmy's personal blog, 西米在线: http://simmyonline.com/archives/69.html

A simple search on SecurityFocus (www.securityfocus.org/tools/category/4) shows the diversity and number of sniffers available. Some of the most prominent are:
■ Wireshark: Wireshark is one of the best sniffers available and is being developed as a free, commercial-quality sniffer. It has numerous features, a nice graphical user interface (GUI), decodes over 400 protocols, and is actively being developed and maintained. It runs on UNIX-based systems, Mac OS X, and Windows. This is a great sniffer to use in a production environment, and is available at www.wireshark.org.
www.syngress.com
8 Chapter 1 • Introducing Network Analysis
[Figure 1.2: Sniffing a Connection]
■ WinDump: WinDump is the Windows version of tcpdump, and is available at www.winpcap.org/windump. It uses the WinPcap library and runs on Windows 95, 98, ME, NT, 2000, and XP.
■ Network General Sniffer: A Network General Sniffer is one of the most popular commercial sniffers available. Now a suite of enterprise network capture tools, there is an entire Sniffer product line at www.networkgeneral.com.
■ Windows 2000 and 2003 Server Network Monitor: Both Windows 2000 Server and Windows 2003 Server have a built-in program to perform network analysis. It is located in the "Administrative Tools" folder, but is not installed by default; therefore, you have to add it from the installation CD.
■ EtherPeek: EtherPeek is a commercial network analyzer developed by WildPackets. Versions for both Windows and Mac, and other network analysis products, can be found at www.wildpackets.com.
■ Tcpdump: Tcpdump is the oldest and most commonly used network sniffer, and was developed by the Network Research Group (NRG) of the Information and Computing Sciences Division (ICSD) at Lawrence Berkeley National Laboratory (LBNL). It is command line-based and runs on UNIX-based systems, including Mac OS X. It is actively developed and maintained at www.tcpdump.org.
■ Snoop: Snoop is a command-line network sniffer that is included with the Sun Solaris OS.
■ Snort: Snort is a network IDS that uses network sniffing, and is actively developed and maintained at www.snort.org. For more information, refer to Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Syngress, ISBN: 1597490202) and Snort Intrusion Detection and Prevention Toolkit (Syngress, ISBN: 1597490997).
■ Dsniff: Dsniff is a very popular network-sniffing package. It is a collection of programs that are used to specifically sniff for interesting data (e.g., passwords) and to facilitate the sniffing process (e.g., evading switches). It is actively maintained at www.monkey.org/~dugsong/dsniff.
■ Ettercap: Ettercap was specifically designed to sniff a switched network. It has built-in features such as password collecting, OS fingerprinting, and character injection, and runs on several platforms including Linux, Windows, and Solaris. It is actively maintained at ettercap.sourceforge.net.
■ Analyzer: Analyzer is a free sniffer for the Windows OS. It is being actively developed by the makers of WinPcap and WinDump at Politecnico di Torino, and can be downloaded from analyzer.polito.it.
■ Packetyzer: Packetyzer is a free sniffer for the Windows OS that uses Wireshark's core logic. It tends to run a version or two behind the current release of Wireshark. It is actively maintained by Network Chemistry at www.networkchemistry.com/products/packetyzer.php.
■ MacSniffer: MacSniffer is specifically designed for the Mac OS X environment. It is built as a front-end for tcpdump. The software is shareware and can be downloaded from