Stand Alone Companion Tools to Wireshark

Wireshark is a powerful network protocol analyzer used by network professionals for troubleshooting, analysis, development, and education.

Companion tools can enhance its functionality or help with related tasks. If you are looking for hardware tools, we have a list of what we carry in our “go bag” here.

Here are some websites and tools that can be seen as companions to Wireshark:

  1. Tcpdump & Libpcap (https://www.tcpdump.org/): These are foundational tools for capturing or filtering packets from the command line. Tcpdump works closely with libpcap, a portable C/C++ library for network traffic capture. Together, they offer a more lightweight option for packet analysis, which can be used in conjunction with Wireshark for deeper analysis.
  2. Nmap (https://nmap.org/): Nmap is a network scanning tool that can discover devices and services on a network. It’s useful for identifying open ports and detecting devices that are present on the network. Nmap scans can be imported into Wireshark for detailed packet analysis.
  3. NetworkMiner (https://www.netresec.com/?page=NetworkMiner): NetworkMiner is a Network Forensic Analysis Tool (NFAT) that can parse PCAP files and extract file transfers, certificates, and usernames/passwords sent in clear text. It complements Wireshark by focusing on forensic analysis and presenting data in an easily digestible format. Install NetworkMiner on a Windows laptop (it can also run under WINE on Linux).
  4. NetFlow (Cisco’s NetFlow documentation on the official Cisco NetFlow page): NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information and monitoring network traffic. By enabling NetFlow on network devices like routers and switches, administrators can get detailed insights into the types of traffic flowing through their networks, including the source and destination of traffic, class of service, and the causes of congestion. To get flow records out of an existing capture, run nfpcapd -r *.pcap -l ./output/ and then query the resulting flow files with nfdump (available on GitHub).
  5. TShark (Part of Wireshark): TShark is the command-line version of Wireshark. It allows for packet capture and analysis in environments where a GUI is not available or practical. Its functionality aligns closely with Wireshark, offering similar filtering and display capabilities in a command-line interface.
  6. Zeek (formerly Bro) (https://zeek.org/): Zeek is a powerful network analysis framework that is different from signature-based security monitoring systems. It’s more about understanding the high-level network activity. The data it produces can be used alongside Wireshark to gain insights into network traffic patterns and behaviors.
  7. Brim (Brim Data, https://www.brimdata.io): Brim is a desktop application that loads a pcap and lets you search and compare the Zeek and Suricata output generated from it side by side; the source is on GitHub.
  8. Snort (https://www.snort.org/): Snort is an open-source network intrusion detection system (NIDS) capable of performing real-time traffic analysis and packet logging. While Snort itself is more about detecting network intrusions, the packets it captures can be analyzed in Wireshark for further investigation.
  9. Suricata (https://suricata.io/): Suricata is an open-source Network Threat Detection Tool (NTD), functioning as an Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) solution. Developed by the Open Information Security Foundation (OISF) and supported by a community of security experts, Suricata is designed to inspect network traffic in real time, identify potential threats based on a set of pre-defined rules, and log, alert, or block malicious activity accordingly. Rule creation is simple and ACL-like, so you can write signatures for specific events you have seen in a packet capture.
  10. tcpflow (https://github.com/simsong/tcpflow): tcpflow is a tool that captures data transmitted as part of TCP connections (flows), then stores the data for protocol analysis with tools like Wireshark. It simplifies the process of capturing continuous streams of data.
  11. CloudShark (https://www.cloudshark.org/): CloudShark allows you to upload and analyze pcap files online. It provides a web-based interface to view and analyze network traffic captured in pcap files, similar to Wireshark, but without the need to install any software.

Each of these tools has its unique strengths and can be used alongside Wireshark to provide a more comprehensive network analysis solution.
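Nearly every tool above reads or writes the same classic pcap format, and several of them (tcpflow, nfdump, NetworkMiner) reduce a capture to per-flow records. The following is an added example, not code from this article or from any of the listed projects: it writes a small constructed pcap with three Ethernet/IPv4/TCP frames, parses it back, and aggregates the packets into unidirectional flows the way nfdump or tcpflow would. All addresses, ports and payloads are constructed sample data.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1

def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (sample data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"   # zeroed MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def write_pcap(path, frames):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes); little-endian pcap."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, frame in frames:
            sec, usec = int(ts), int((ts - int(ts)) * 1_000_000)
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)

def read_pcap(path):
    """Yield (timestamp, frame) records from a little-endian classic pcap file."""
    with open(path, "rb") as f:
        data = f.read()
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def flow_summary(path):
    """Aggregate TCP packets into (src, sport, dst, dport) -> (packets, bytes)."""
    flows = {}
    for _ts, frame in read_pcap(path):
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # IPv4 carrying TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4                       # IPv4 header length in bytes
        src = ".".join(map(str, frame[26:30])); dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        pk, by = flows.get((src, sport, dst, dport), (0, 0))
        flows[(src, sport, dst, dport)] = (pk + 1, by + len(frame))
    return flows

def build_sample(path):
    """Write three constructed packets (two of one flow plus one reply) and summarize them."""
    write_pcap(path, [
        (1700000000.00, build_frame("10.0.0.1", "10.0.0.2", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
        (1700000000.01, build_frame("10.0.0.2", "10.0.0.1", 80, 40000, b"HTTP/1.0 200 OK\r\n")),
        (1700000000.02, build_frame("10.0.0.1", "10.0.0.2", 40000, 80))])
    return flow_summary(path)
```

The file produced by build_sample opens directly in Wireshark, TShark or NetworkMiner, which is a convenient way to check that a hand-built parser agrees with the real tools.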

We have recommended networking tools in other articles (Web Sites that can be used as companion tools to Wireshark; General list of Networking Tools), but wanted to put together a list of tools for Wireshark users to consider as companions.

Comments are welcome below from registered users. If you would like to see more content and articles like this, please support us by clicking the patron link, where you will receive free bonus access to courses and more, or simply buy us a cup of coffee!
