Packet Analyzers (Hardware)

| Tool | Input | Measurement (Active / Passive) | Measurement (Functions) | Output |
|---|---|---|---|---|
| HP/Agilent Advisor | LAN or WAN | both | current and peak bandwidth utilization; rtt, pkt loss, traffic generation | raw data for HP/Agilent software |
| InMon sFlow Probe | 1000Base-SX | both | flow measurement | Cisco NetFlow v5/ InMon sFlow |
| LinkView | 10BaseT, 100BaseTx | both | bandwidth dist, frame dist, err pkt dist, wire-speed traffic generator, graphical topology, protocol dist (350+) | Report Wizard |
| Shomiti Explorer | 10/100/Giga Ethernet | passive | pkt capture | raw data flow |
| Sniffer Pro | 10/100 Ether LAN; GigaEther; ATM; Packet over SONET | both | pkt capture, bandwidth utilization, protocol utilization, pkt and frame errs, traffic generation | GUI |

Packet Analyzers (Software)

| Tool | Input | Measurement (Active / Passive) | Measurement (Functions) | Output |
|---|---|---|---|---|
| EtherPeek | Ethernet, Fast Ethernet, or Gigabit Ethernet NIC (Windows 95/98/NT) | both | pkt capture, utilization by node and protocol, pkt filters, pkt generation, event triggers, plug-ins | GUI, HTML for stats |
| ettercap | switched LAN | passive with some active commands | sniff traffic on a selected connection; dissect protocols; collect passwords; fingerprint OS; kill a connection | text (black and white) or ncurses (color) |
| hping | ICMP echo; TCP, UDP, ICMP and RAW-IP protocols | active | TCP/IP packet assembler/analyzer; firewall testing; advanced port scanning; network testing, using different protocols, TOS, fragmentation; manual path MTU discovery; advanced traceroute, under all the supported protocols; remote OS fingerprinting; remote uptime guessing; TCP/IP stacks auditing | text |
| LanExplorer | Ethernet, Fast Ethernet, or Gigabit Ethernet NIC (Windows 95/98/NT) | passive | pkt capture, bandwidth utilization, protocol dist, packet size dist, protocol analysis | GUI |
| LANQuest Net/WRx | IP, Ethernet, GigaEther, Token ring, FDDI | both | bandwidth util, latency, pkt resends, data loss | GUI |
| LAN traffic monitor - RT | 10/100/1G ethernet packets | passive | MAC/IP/protocol node/conversation matrix tables | realtime telnet terminal output |
| Shomiti Surveyor | 10/100/1000 Ethernet; 4/16 Token Ring | both | 7-layer analysis | GUI |
| Sniffer Basic | 10/100 Ether LAN; 4/16 token ring | both | pkt capture, bandwidth utilization, protocol utilization, pkt and frame errs, traffic generation | GUI |
| Wireshark | ethernet, FDDI, PPP, token-ring, X.25, IP over ATM, tcpdump (libpcap), various pkt analyzers | passive | protocol distribution | Unix GUI, or TTY-mode |

Traffic Monitors/Analyzers

| Tool | Input | Measurement (Active / Passive) | Measurement (Functions) | Output |
|---|---|---|---|---|
| argus | pkt capture files, data from a live interface | passive | connectivity, capacity, demand, loss, delay, jitter, performance | text (log files) |
| cflowd | flow-export data from one or more Cisco/Juniper routers | passive | flow analysis, performance | tabular summaries |
| CoralReef | packet trace files, network interface, or specialized ATM or POS capture device | passive | traffic flow analysis, workload characterization | both static and dynamic reports |
| Cricket | time-series data | passive | traffic analyzer | web GUI |
| flow-tools | NetFlow | passive | traffic analyzer | command-line tools |
| InMon Traffic Server | flow-export data from one or more Cisco routers; sFlow data from probes, switches and routers | passive | flow analysis, performance | web |
| ntop | Cisco NetFlow/Juniper sFlow | passive | sorts network traffic by protocol, statistics, host/IP identification, subnets, usage by protocol, flow analysis, performance | stores stats in RRD, HTML reports |
| NetFlow | flow-export data from one or more Cisco routers | passive | flow analysis, performance | raw flow data |
| pipechar | destination name or IP address | active | Round trip time (RTT) to each measured node. Possible capacity of a node if that node load is low; or congestion degree if that node load is high. | text |
| Orca | text files | passive | periodic plots and distributions | HTML, PNG files |

SNMP Network Management Systems

| Tool | Input | Measurement (Active / Passive) | Measurement (Functions) | Output |
|---|---|---|---|---|
| Compaq TeMIP | SNMP, Q3/CMIP, CORBA over leased lines, ATM, Sonet/SDH | passive | traffic monitor; performance mgmt; workflow char; mapping service | GUI or web pages |
| NeTraMet | SNMP | passive | traffic flow accounting meter; xfr rate dist; pkt size dist; protocol dist; turnaround time dist | GUI |
| RTG | SNMP | passive | high-performance SNMP statistics monitoring | database, text, web pages |