Network General Sniffer Portable 4.8 review
Now under the wing of Network General, Sniffer Portable is aimed at troubleshooting network segments that may not be regularly monitored from head office.
The software is lightweight enough to be installed on a notebook, where it loads a promiscuous-mode network driver to provide network monitoring, packet capture and analysis. It has an Expert mode, where it can decode packets, provide an explanation of their contents and warn of any problems. The Dashboard view has three gauges, showing utilisation, packets per second and errors. Beneath are line graphs for packet-size distribution, errors and general network activity, which are all handy for getting a quick overview of network activity. Active stations and the top ten talkers are listed in a host table, while a matrix provides charts showing the end points of conversations and traffic spread between nodes.
Wireless support has always been provided, but this new version finally adds 802.11g to the list. Sniffer watches for dubious wireless activities such as failed associations, authentication failures and frame time-outs and uses its alarm feature to warn you when it detects these. Rogue AP detection is also possible, although you need to create a list of MAC addresses of permitted APs first.
Optional support for VoIP analysis is available, although we weren’t that impressed. The Expert provides a breakdown of VoIP calls along with each party’s URL, which includes their phone number and calculates jitter to determine if call quality is up to scratch. This is useful, but Network Instrument’s Expert Observer offers this as standard, and its VoIP analysis and reporting are better. Reporting was a weak point for Sniffer, but is now improved, as the previously optional Sniffer Reporter utility is included with the base product.
At this lower end of the network analysis market, Sniffer Portable has a lot to offer, and we particularly like its clearly presented network-monitoring features. However, our favourite is still Network Instrument’s Observer, as it offers as wide a feature set for a lot less cash and its VoIP functions are better.