Microsoft’s Network Monitor 3.3 is very cool
I’m certainly no expert with Wireshark by any stretch of the imagination, but Microsoft’s Network Monitor may give it a run for its money (err, not money, since Wireshark is open-source).
One of the most unique features I found is the ability to sort the traffic by application, something I hadn’t ever seen in other GUI packet capture applications.
With version 3.3, Microsoft has added the ability to make comments on frames. This is an incredibly cool feature that allows you to share a packet capture with different people, and they are able to see your saved notes and comments on particular parts of the capture.
In my opinion, the user interface is also a spot where this application shines. There’s an incredible amount of data captured, and the designers have made it easy to manipulate and understand it in a variety of ways.
Microsoft has even created an API for Network Monitor, meaning that you can write an application to automate your captures. This is a huge deal in my opinion. I could imagine using this along with an IDS to have an application that receives events from an IDS and kicks off an automated packet capture when suspicious activity is detected. Very cool indeed.
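As an added example of the IDS-triggered workflow described above (not code from the original post, and not using the Network Monitor API itself), this PowerShell script watches the Windows event log for alerts and starts a time-limited capture with Network Monitor’s bundled command-line tool, nmcap.exe. The provider name `ExampleIDS` is a placeholder, and the nmcap switches are assumed from the 3.x command-line syntax; verify them with `nmcap /examples` on your install.

```powershell
# Added example, not part of the original post: poll the Application event
# log for IDS alerts and kick off a bounded Network Monitor capture via nmcap.
# Assumptions: the IDS logs alerts under provider 'ExampleIDS' (placeholder),
# nmcap.exe is on PATH, and the shell is elevated enough to capture.
param(
    [string]$Provider      = 'ExampleIDS',  # placeholder IDS event provider
    [string]$OutDir        = 'C:\Captures',
    [int]   $DurationValue = 5,             # capture length ...
    [string]$DurationUnit  = 'min',         # ... passed to /stopwhen /timeafter
    [int]   $PollSecs      = 10
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$since  = Get-Date
$active = $null   # handle of the running nmcap process, one capture at a time

while ($true) {
    # Only look at alerts logged since the previous poll.
    $alerts = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = $Provider; StartTime = $since
    } -ErrorAction SilentlyContinue

    if ($alerts -and ($null -eq $active -or $active.HasExited)) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $file  = Join-Path $OutDir "ids-trigger-$stamp.cap"

        # Keep the triggering alert next to the trace so the reviewer knows
        # why this capture exists (the frame-comment feature covers the rest).
        $alerts[0].Message | Set-Content -Path "$file.txt"

        # /network * captures on all adapters; /stopwhen /timeafter bounds the
        # capture so an alert storm cannot fill the disk (assumed 3.x syntax).
        $active = Start-Process -FilePath 'nmcap.exe' -PassThru -NoNewWindow -ArgumentList @(
            '/network', '*',
            '/capture',
            '/file', $file,
            '/stopwhen', '/timeafter', "$DurationValue", $DurationUnit
        )
        Write-Host "Alert at $($alerts[0].TimeCreated): capturing to $file"
    }

    $since = Get-Date
    Start-Sleep -Seconds $PollSecs
}
```

Alerts that arrive while a capture is already running are deliberately not acted on, so a burst of IDS events yields one capture rather than dozens of overlapping nmcap processes.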
This utility has definitely found a spot on my laptop. Now I just need a Linux version!