Tool Comparison

Portable Protocol Analyzer Feature Comparison

Description	Sniffer Portable v4.80.062 (SP1)	Optiview Protocol Expert v8.0.0.43339.0	Wireshark 0.99.6a
SOFTWARE INFORMATION
Website Address	www.networkgeneral.com	www.flukenetworks.com	www.Wireshark.com
Operating Systems Supported	Windows XP, NT, 2000	All Windows	All Windows, Unix, Linux
Min Processor	600mhz Processor	1 Ghz	NA
Min RAM	256 MB	512 MB	NA
Start Page Wizard	No	No	No
Capturing Packets	Sniffer Portable	Optiview Protocol Expert	Wireshark
CAPTURE CONFIGURATION
Autosave to disk	Yes	Yes	Yes
Capture from command prompt	No	No	Yes
Capture from multiple cards	Yes	Yes	Yes
Display error counters with supported card	Yes	Yes	N/A
Max Buffer Size	384 MB	32 MB	N/A
Packet Slicing	Yes	Yes	Yes
CAPTURE FILTER
Filter on Layer 2 address	Yes	Yes	Yes
Filter on Layer 3 address	Yes	Yes	Yes
Filter on Layer 4 Port #	Yes	Yes	Yes
Filter on Protocol	Yes	Yes	Yes
Filter on offset/no data pattern	Yes	Yes	Yes
Filter on offset/data pattern	Yes	Yes	Yes
CAPTURE FEATURES
Adapter Speed Displayed	Yes	Yes	Yes
Packet capture indicator	Yes	Yes	Yes
Real Time Packet Summary	Yes	Yes	Yes
Real Time Packet Detail	Yes	No	Yes
Stop/Start Triggers by Time	Yes	Yes	Yes/No
Stop/Start Triggers by Error	Yes	Yes	No
Stop/Start Triggers by Filter Criteria	Yes	Yes - counters	No
Remotely capture packets	No. DSS required.	Yes. Plugin required.	No
TCP Checksum Errors Displayed in Expert	No	Yes	Yes
CAPTURE - EXPERT
CDP information displayed	Yes	No	No
Real Time Expert Objects	Yes	Yes	Yes
Expert Object Database	Yes	Yes	No
Expert Diagnosis/Symptoms	Yes	Yes	Yes
Expert Summary Export	Yes - HTML	Yes - CSV	No
Expert selected item export	Yes - HTML	No	No
Expert error/frame number reference	No	Yes	Yes
NetBIOS Name/Qualifier displayed in a host type screen	Yes	Yes	No
Expert shows TCP Window Size Range	Yes	Yes	No
TCP Checksum Errors Displayed in Expert	No	Yes	Yes
Displaying Packets	Sniffer Portable	Optiview Protocol Expert	Wireshark
Conversion required to open other formats	Yes - Sniffer Tool Collection utility	Yes	No
CRC included in packet length	No	Yes	Yes
Delete packets in summary screen	No	Yes	No
Define filters by clicking specific packet info	No	Yes	Yes
Drag and Drop trace files into app	Yes	Yes	Yes
Edit packet contents	Yes	Yes	Yes (editcap)
Correlate data payload from many packets	No	Yes	Yes
Expert Object display filters	Yes	No	No
Filter on Layer 2 address	Yes	Yes	Yes
Filter on Layer 3 address	Yes	Yes	Yes
Filter on Layer 4 Port #	Yes	Yes	Yes
Filter on Application	Yes	Yes	Yes
Filter on offset/pattern	Yes	Yes	Yes
Import or save to other trace file formats	No, Yes (with Sniffer Tool Collection utility)	Yes, Enc, Internet Advisor, Sniffer cap, enc and legacy formats	Native capture file format is libpcap format, which is also the format used by tcpdump, snoop and atmsnoop, Shomiti/Finisar Surveyor, Novell LANalyzer, Network General/Network Associates DOS-based Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, Cinco Networks NetXRay, Network Associates Windows-based Sniffer, AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, the dump output from Toshiba's ISDN routers, the output from i4btrace from the ISDN4BSD project, the output in IPLog format from the Cisco Secure Intrusion Detection System, pppd logs (pppdump format), the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities, the text output from the DBS Etherwatch VMS utility, traffic capture files from Visual Networks' Visual UpTime, the output from CoSine L2 debug, the output from Accellent's 5Views LAN agents, Endace Measurement Systems' ERF format, Linux Bluez Bluetooth stack hcidump -, and Network Instruments Observer version 9.
Mark frames	Yes	Yes	Yes
Microsoft Names/Qualfiers	Yes	Yes	Yes
Modify font size	Yes	Yes	Yes
Packet capture indicator	Yes	Yes	Yes
Print packets to a file (Export)	Yes	Yes	Yes
Protocol Forcing	Yes	Yes	Yes
Reassemble multiple HTTP packets	Yes	Yes	Yes
Search summary for Text	Yes	Yes	Yes
Search within Detail for Text	Yes	Yes	Yes
Search or go to time	Yes	Yes	Yes
Search for Expert message	Yes	Yes	No
Show Packet Offsets in Detail	No	No	No
Zoom into a pane	Yes - F4	Yes - F11	Yes - Menu
Monitoring Traffic	Sniffer Portable 4.80.062 (SP1)	Optiview Protocol Expert 7.0.0.27663.0	Wireshark 0.99.6a
Add customized UDP/TCP port #'s	Yes	Yes	Yes
Alarm Log	Yes	Yes	No
Application Response Time	Yes	Yes	Yes
Errors/s	Yes	Yes	No
Filter on Layer 2 address	Yes	Yes	Yes
Filter on Layer 3 address	Yes	Yes	Yes
Filter on Layer 4 Port #	Yes	Yes	Yes
Filter on Protocol	Yes	Yes	Yes
Filter on offset/pattern	Yes	Yes	Yes
Frame Size Distribution - Export	Yes - Yes	Yes - Yes	Yes
Host Table (Layer 2, 3, 4) - Export	Yes - Yes	Yes - Yes	Yes
Matrix (Layer 2,3,4) - Export	Yes - Yes	Yes - Yes	Yes
Packets/s	Yes	Yes	Yes
Packet Slicing	No	Yes	Yes
Protocol Statistics - Export	Yes - Yes (csv,html)	Yes - bmp,csv	Yes
Reporting Facility or log	Yes	Yes	No
Utilization	Yes	Yes	No
Tools	Sniffer Portable 4.80.062 (SP1)	Optiview Protocol Expert 7.0.0.27663.0	Wireshark 0.99.6a
Address book	Yes	Yes	No
Add additional troubleshooting tools	Yes	No	No
Create multiple separate XMIT streams	No	Yes	No
Long Term Database Facility	Yes	Yes	No
Merge Trace Files	Yes - Sniffer Tool Collection utility	Yes	Yes - Mergecap
Packet Generator	Yes	Yes	No
RMON Capture console	No	No	No
Save transmit specs	No	Yes	No
SNMP query facility	Yes, specific Cisco/Nortel	No	No

Monday, July 07, 2008