What packet sniffer would you recommend using, especially in a 50+ workstation environment? I am a fan of Wireshark but it's got quite a bit of security history. Is there something better?


I haven't run into anything free that is better. My work is too cheap to pay for a sniffer when Wireshark is so good at what it does. Yes, it seems Wireshark has a new vuln against a decoder every other day or so, but that kind of thing happens when you're by far the top package in a field like this. Yes, I'd like them to update a bit more often. But the sheer utility of Wireshark makes me keep using it.


I use Wireshark on Windows all the time - with a SPAN session or similar, plus cunning use of capture/display filters, you can get it to tell you pretty much anything you need. And you can make pretty graphs for your boss, too. What did you mean by 'security history'?


I don't use this stuff nearly as much as I used to, but I always liked Microsoft Network Monitor when I needed a free protocol analyzer to track down a problem. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f