VisualSniffer is a powerful packet capture tool and protocol analyzer for Windows system. VisualSniffer can be used by LAN administrators, and security professionals for network fault analysis, performance analysis, intrusion detection, and network traffic logging. It can also be used by network programmers, or others to get a full picture of the network traffic. It is free.

Screen Shots

Statistics - Display packet distributions by time, MAC address, IP address and protocol

Packet decoding - Display Frame Header, IP Header, UDP Header, and NetBios NS Header of a NetBios NS packet. VisualSniffer decodes the following protocols: ARP, DNS, EGP, GGP, GRE, ICMP, IGMP, IGRP, IPv4, IPv6, NetBIOS, PIM, RDP, RSVP, SNAP, SNMP, TCP, UDP.

Click to enlarge

Scheduler - VisualSniffer scheduler lets you schedule regular capture tasks. The scheduler is a front-end interface to Microsoft Scheduler.

Rule Manager - VisualSniffer can perform protocol analysis, content searching/matching based on user defined rules in real-time and notify users by e-mail, sound, and text message when intrusion is detected. VisualSniffer provides hundreds of built-in rules for detecting a variety of attacks and probes, such as buffer overflows, port scans, CGI attacks, OS fingerprinting attempts, and much more.

Data Manager - VisualSniffer saves all captured data into a cache file and only load visible data into memory.Therefore, VisualSniffer can handle huge captured data, but doesn't require large memory. It also has a data management tool similar to that of Event Manager in Windows. You can also set up filters to receive only subsets of the network traffic.