
Toolbox: New Products for IT Pros

Greg Steen

Analyze Network Traffic


A good network protocol analyzer lets you get down to the fundamentals of the traffic on your infrastructure and see what is really happening beneath all those layers of interconnected applications. Perhaps the best-known open source analyzer is Wireshark, which on Windows uses the open source WinPcap packet capture library. It is the continuation of Ethereal under a new name, with original author Gerald Combs still on board.

With Wireshark, you can capture the traffic passing across a network interface and examine the details of each packet in an easy-to-use graphical interface. Starting a new capture session is as simple as selecting your interface and clicking Start. The GUI lists the captured packets in a color-coded packet list that shows the time, source, destination, protocol, and a one-line summary of each packet in near real time. Clicking a packet decodes it, layer by layer, into an easy-to-follow detail pane; below that you can see the raw packet bytes in hex and ASCII.

Once you have the dataset you need for your analysis, you can, of course, also save or export the session for later analysis. Wireshark can decode many different protocols, and should cover most of your troubleshooting needs.

Networks are noisy, and to help you cut through all that data, the application has a powerful expression-based display filter that lets you narrow your view by any field of any decoded protocol. For example, a filter such as bittorrent && ip.addr == 192.168.1.10 (the address is a placeholder for a host on your network) shows only BitTorrent traffic to or from that machine. Or a filter such as eth.dst == ff:ff:ff:ff:ff:ff lets you quickly sniff out which machine is causing network havoc by throwing out tons of bogus broadcast frames: sort the filtered list by source and the culprit rises to the top.

The interface also lets you mark packets for review and set a specific packet as the time reference for the capture. One of my favorite features of Wireshark is the ability to follow a TCP stream by right-clicking a TCP packet and choosing that option from the context menu. This brings up a window with a color-coded, formatted text view of the reassembled stream, each direction of the conversation in its own color, which is great for spotting Web application errors, bogus HTTP headers, or other TCP communication issues you may encounter. From here you can quickly print or save the conversation for later examination or demonstration.

I've only scratched the surface of the app's functionality. Wireshark is released under the GNU GPL; in addition to Windows, compiled binaries are available for most versions of Linux and for FreeBSD.

Price: Free

Wireshark lets you analyze your complete network protocol


Beef Up Windows PowerShell

PowerShell Community Extensions

If you've had a chance to really work with Windows PowerShell, you've probably noticed a few recurring patterns of execution for which it would be great to have a cmdlet or alias. To that end, a group of Windows PowerShell users and advocates from the open source community have created the PowerShell Community Extensions (PSCX) project, which wraps up commonly requested functionality into a distributable set of cmdlets, aliases, providers, functions, filters, and scripts.

Some of the cmdlets included in the package are Get-Clipboard and Write-Clipboard, which let you add and retrieve the data on the clipboard buffer. Meanwhile, Get-DomainController retrieves a list of available domain controllers in the current domain, and Write-GZip and Write-Zip let you write GZIP or ZIP files.

You can create a new symbolic link (Windows Vista or Windows Server® 2008 and later) or an NTFS junction with New-Symlink and New-Junction, respectively. Two providers are also included: DirectoryServices, which gives you access to LDAP servers such as Active Directory®, and AssemblyCache, which lets you browse the Microsoft .NET Framework Global Assembly Cache and the assemblies within it.

There are also a number of great scripts. The Set-Writable and Set-ReadOnly scripts let you quickly change a file's read-only attribute. Get-Url makes a WebRequest and returns the WebResponse body as a string, and Export-History dumps your command history to a .clixml file for later reuse. You can snag disk usage information with the Get-DiskUsage script or even make your computer speak with the fun Out-Speech command. And the package includes a good number of other useful functions, such as Quote-List (alias ql), which builds a string array from unquoted words so you type less, and Add-PathVariable, which adds a set of directories to a PATH-style environment variable such as Path.
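To show how several of these PSCX pieces compose into one of those recurring patterns, here is an added example (written for this page, not code from the PSCX project or the column) that snapshots a log directory into a read-only ZIP, repoints a fixed junction at the live directory, and records the session history. The directory paths are placeholders, PSCX is assumed to be loaded as a snapin (Add-PSSnapin Pscx, as in the PowerShell 1.0-era builds this column describes), and the cmdlets are called positionally, which is how PSCX documents them.

```powershell
# Added example, not part of PSCX: archive a log directory with PSCX cmdlets.
# Assumptions: PSCX snapin already loaded; $LogDir and $Archive are placeholders.
param(
    [string]$LogDir  = 'C:\inetpub\logs\LogFiles',   # assumed source directory
    [string]$Archive = 'D:\Archive'                  # assumed destination root
)

# Fail early and loudly if the PSCX cmdlets are not available in this session,
# rather than half-running against built-in cmdlets with similar names.
if (-not (Get-Command Write-Zip -ErrorAction SilentlyContinue)) {
    throw 'PowerShell Community Extensions (Pscx) is not loaded; run Add-PSSnapin Pscx first.'
}

if (-not (Test-Path $Archive)) {
    New-Item -ItemType Directory -Path $Archive | Out-Null
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$zip   = Join-Path $Archive "logs-$stamp.zip"

# Write-Zip (PSCX cmdlet): compress the whole directory into one ZIP file.
Write-Zip $LogDir $zip | Out-Null

# Set-ReadOnly (PSCX script): set the read-only attribute so a later run or a
# careless delete does not clobber the snapshot.
Set-ReadOnly $zip

# New-Junction (PSCX cmdlet): give the live log directory a stable name so
# other scripts can read '<archive>\latest' without knowing today's path.
# Junctions target directories only and need no special privilege; a symbolic
# link (New-Symlink) would require SeCreateSymbolicLinkPrivilege, which only
# Administrators hold by default.
$latest = Join-Path $Archive 'latest'
if (Test-Path $latest) {
    # Delete the reparse point itself. Remove-Item -Recurse on a junction can
    # follow it and wipe the target directory's contents, so use the .NET
    # Directory.Delete, which removes only the junction.
    [System.IO.Directory]::Delete($latest)
}
New-Junction $latest $LogDir | Out-Null

# Export-History (PSCX script): save this session's commands to CLIXML so the
# run can be audited or replayed later with Import-History.
Export-History (Join-Path $Archive "history-$stamp.clixml")

Write-Host "Archived $LogDir to $zip; '$latest' now points at the live logs."
```

Run it from an elevated or a regular prompt alike; nothing in it needs administrator rights unless you swap New-Junction for New-Symlink. The one trap worth remembering is the junction removal: in PowerShell of this era, Remove-Item on a directory junction may descend into the target, so treat a junction as a file-system object in its own right and delete it with a call that does not follow reparse points.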

This project adds a very useful set of extensions to the standard Windows PowerShell environment. And if you happen to be a Windows PowerShell ninja, I am sure the project would be open to your contributions.

Price: Free

PowerShell Community Extension provides commonly requested functions


Greg Steen is a technology professional, entrepreneur, and enthusiast. He is always on the hunt for new tools to help make operations, QA, and development easier for the IT professional.

© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.