Latest posts by Michael Pietroforte (see all)
- Result of the 4sysops 2016 topic poll - Tue, Apr 5 2016
- New free eBooks for SysAdmins and DevOps – VMware NSX, Windows 10, SQL Server 2016 - Mon, Mar 14 2016
- Introducing the 4sysops IT pro network - Tue, Mar 1 2016
There are so many good free packet sniffers. Most noteworthy are Network Monitor, Wireshark , and SmartSniff. IPMon is a much simpler tool. Although it does not even allow you to view the payload of IP packets, this free IP monitoring tool can be useful in situations where a full-blown packet sniffer would be overkill.
IPMon, which belongs to the NT Toolkit suite, is available as a command line utility and GUI tool (IPMon+) for Windows, Linux, FreeBSD, and OS X. The utility monitors all IP traffic on local network interfaces.
What I like is that repetitive traffic is grouped. Thus if a remote computer connects to multiple ports on the local host, IPMon only displays it as one connection. In a way, the tool works like netstat and similar tools. The main difference is that IPMon works with the WinpCap driver, so it will see packets even if they are blocked by the firewall. It operates on a lower level and as such is more accurate. Another advantage is that you get a timestamp for each connection. This can be quite helpful for troubleshooting client-server communication where you only want to know if certain connections are established or not when you perform certain actions.
IPMon+ displays the protocol (TCP, UDP, ICMP, ARP), the source and destination IP, the source and destination ports, and the transmitted bytes. You can filter the ports according to protocols and ports. Also useful is that you can copy / paste from the output (e.g. into Excel) as well as sort output by clicking on columns.
Note that IPMon requires the WinPcap network driver on Windows. All the other operating systems usually already include the pcap libraries.