Your devices talk with each other every day and a packet capture tool can tell you a lot about the content of those conversations.
Here is our list of the best packet capture tools:
- SolarWinds Network Performance Monitor EDITOR’S CHOICE Network monitoring tool with a packet analyzer, quality of experience (QoE) dashboard and custom alerts. This system is able to identify more than 1,200 applications and extract just their traffic. Installs on Windows Server. Download a 30-day free trial.
- Paessler PRTG Network Monitor (FREE TRIAL) An infrastructure monitoring system with strong network supervision modules. Includes four packet capture sensors out of the box and users can also create customized packet sniffing methods.
- Wireshark Open-source packet analyzer that can capture and filter packets.
- ManageEngine NetFlow Analyzer NetFlow analyzer tool with reports and a threshold-based alerts system.
- Colasoft Capsa Network analyzer that supports over 1800 different protocols.
- Tcpdump Free command-line packet capture tool for UNIX that supports TCP, UDP, and ICMP.
- Kismet Wireless network detector, packet sniffer, and intrusion detection tool with 802.11 monitoring.
- Steel Central Packet Analyzer Plus Packet sniffing tool with customizable views, an alerts system, and reports.
What is Packet Capture?
Packet capture involves copying segments of network traffic. Traffic travels in packets that include a data payload and a header. Full packet capture takes the whole packet. If all of the packets passing over a network are captured, the resulting storage file can become very large very quickly.
As a lot of data in transit gets encrypted before it is sent, there is not much value in copying the data payload. In cases where the contents of the payload aren’t encrypted, the business’s management and users might not want IT department technicians to read that data in transit. Therefore, it is more usual to store just the packet headers. Another technique samples traffic by capturing only every nth packet rather than all of them.
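The two storage-saving techniques just described, keeping only the packet headers and keeping only every nth packet, applied to a pcap file. This is an added illustration, not code from the article or from any of the tools it reviews; the pcap records are constructed inline and the function names (header_len, headers_only, packet_lengths) are my own.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1   # little-endian pcap, Ethernet frames

def header_len(frame: bytes) -> int:
    """Length of the Ethernet + IPv4 + TCP/UDP headers; everything after is payload."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return min(len(frame), 14)                # non-IPv4: keep the Ethernet header only
    l4 = 14 + (frame[14] & 0x0F) * 4              # IHL nibble gives the IPv4 header length
    proto = frame[23]
    if proto == 6 and len(frame) >= l4 + 20:      # TCP: data-offset nibble * 4
        return min(len(frame), l4 + (frame[l4 + 12] >> 4) * 4)
    if proto == 17:                               # UDP: fixed 8-byte header
        return min(len(frame), l4 + 8)
    return min(len(frame), l4)

def headers_only(pcap: bytes, every_n: int = 1) -> bytes:
    """Rewrite a pcap keeping only headers and only every n-th packet; orig_len is kept."""
    magic, *_, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    out, off, idx = bytearray(pcap[:24]), 24, 0
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if idx % every_n == 0:                    # sampling: keep packets 0, n, 2n, ...
            keep = frame[:header_len(frame)]
            out += struct.pack("<IIII", ts_sec, ts_usec, len(keep), orig_len) + keep
        idx += 1
    return bytes(out)

def packet_lengths(pcap: bytes) -> list:
    """(captured bytes, original bytes) per record, so the savings can be checked."""
    sizes, off = [], 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        sizes.append((incl_len, orig_len))
        off += 16 + incl_len
    return sizes

# Constructed sample capture: three TCP frames from 10.0.0.1 to 10.0.0.2:443.
def _tcp_frame(payload: bytes) -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

_FRAMES = [_tcp_frame(b"GET / HTTP/1.1\r\n"), _tcp_frame(b""), _tcp_frame(b"x" * 100)]
SAMPLE_PCAP = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
SAMPLE_PCAP += b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                        for i, f in enumerate(_FRAMES))
```

Because orig_len is preserved in each record, a header-only file still lets you tally traffic volume per host or port, which is what the monitoring tools below report; only the payload bytes are gone.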
The best packet capture tools
Our methodology for selecting a packet capture tool for your network
We reviewed the market for packet capture systems and analyzed the tools based on the following criteria:
- The ability to sample every nth packet
- The option to extract just the packet headers
- Filters for packet capture
- A packet viewer with data analysis tools
- The option to store packets to file
- A free trial or a free tool that enables the system to be tested without having to pay
- Good value for money from a tool that works well and is offered at a fair price, or a free tool that is worth installing
With these selection criteria in mind, we looked for reputable packet capture tools that include methods to reduce the amount of data that needs to be stored.
1. SolarWinds Network Performance Monitor (FREE TRIAL)
SolarWinds Network Performance Monitor is a network monitoring platform with a network packet analyzer that can capture data from over 1,200 applications out-of-the-box. With SolarWinds Network Performance Monitor you can measure packet transfer in real-time through the Quality of Experience (QoE) dashboard.
Key Features:
- Scans passing packets
- Identifies protocols
- Tallies traffic by address
- Analyzes packets
- Stores analysis instead of packets
Through the dashboard, you can view services with the top response times on a graph. You can also view traffic types as categories such as destination IP address, port usage, and application type.
Custom alerts allow you to determine when you receive a notification on packet status. You can opt to receive alerts via email or SMS. To avoid false positives, the platform uses dynamic baselines to detect genuine performance deviations without overwhelming you with fake alerts.
SolarWinds Network Performance Monitor is a formidable network analyzer that’s easy to navigate and configure. The price of the program starts at $2,995 (£2,268). You can download a 30-day free trial.
Pros:
- Easy-to-use dashboard with highly customizable widgets and options
- Easily filter and view metrics like response times, latency, uptime, traffic destination, and port usage
- Custom alerts are simple to set up and can send notifications via SMS, email, or third-party integration
- Uses floating baseline analysis to avoid false positives and track performance accurately over time
Cons:
- Is a highly detailed platform that requires technical expertise and time to fully utilize
EDITOR’S CHOICE
SolarWinds Network Performance Monitor is our top pick for packet capture because it has special traffic filters that get you just the packets that you need. Being able to identify specific application data at the point of capture cuts down the volume of data that you need to sort through in order to carry out an analysis. The Network Performance Monitor also performs continuous network status checks while you carry out your traffic analysis.
Start 30-day Free Trial: solarwinds.com/network-performance-monitor
OS: Windows Server 2016 or later
2. Paessler PRTG Network Monitor (FREE TRIAL)
Paessler PRTG Network Monitor is a network monitoring tool that has a packet sniffer/bandwidth monitoring function. For bandwidth monitoring, the software can monitor the availability, bandwidth usage, and upload/download speeds in real-time with SNMP and WMI.
Key Features:
- Packet sniffer
- Traffic statistics
- Protocol analyzer
- Top 10 ranker
There is a range of sensors you can use to monitor performance, including the Packet Sniffer sensor. The Packet Sniffer sensor analyses IRC, AIM, Citrix, FTP/P2P, Mail, WWW, RDP, SSH, Telnet, and VNC traffic.
The sensor includes a breakdown of the Top Talkers, Top Connections, and Top Protocols. Each of these can be viewed as pie charts, making it easy to see how network resources are consumed between devices. Other statistics are broken down with charts and dials so that you can read them easily from a distance.
Configurable alerts let you know when network traffic usage is behaving unusually. The user can configure alerts to be sent by email, SMS, Slack message, push notification, Syslog message, SNMP trap, and more. You can also use automated responses such as executing a program or an HTTP action.
PRTG Network Monitor is a good place to start if you want a packet capture tool that’s easy to use. The software is free for less than 100 sensors. Paid versions start at $1,600 (£1,211). You can download the 30-day free trial.
Pros:
- Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
- Fully customizable dashboard is great for both lone administrators as well as NOC teams
- Drag and drop editor makes it easy to build custom views and reports
- Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack
- Each sensor is designed to monitor a specific application; for example, there are prebuilt sensors whose sole purpose is to capture and monitor VoIP activity
- Supports a freeware version
Cons:
- Is a very comprehensive platform with many features and moving parts that require time to learn
Paessler PRTG is a powerful packet capture tool because it provides four alternative methods for extracting packets from a network. The ability to create custom packet capture rules and apply different alert thresholds creates a great deal of flexibility, while the out-of-the-box sensors and alerts provide instant insights that are easy to set up.
Get a 30-day free trial: paessler.com/download/prtg-download
Operating System: Windows Server
3. Wireshark
Wireshark is a free open-source packet analyzer you can use to inspect network traffic in real-time. You can launch a scan and view the captured packet data on the screen in a table format. Once you’ve finished the scan you can press the stop button.
Key Features:
- Free to use
- Highly respected
- Its own capture and display filter languages
To help you navigate you can use capture and display filters to cut down on the amount of traffic you see on screen. Once you’ve finished the scan you can export the results in plain text, XML, CSV, or PostScript.
Color coding also helps you to distinguish different types of traffic. Different traffic types are shown in different colors. For example, TCP traffic is a different color from UDP traffic. You can change the colors of different packet types by creating your own coloring rules.
Wireshark is worth a look if you’re looking for a free traffic analyzer that’s accessible. The GUI and filter system make the tool hassle-free to use. The software is available for Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and more. You can download the program for free.
Pros:
- One of the most popular packet analyzer tools, with a massive community behind it
- Open source project that adds new features and plugins
- Supports packet collection and analysis in the same program
- Completely free
Cons:
- Has a steep learning curve, designed for network professionals
- Filtering can take time to learn, and it collects everything by default, which can be overwhelming on large networks
4. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a NetFlow analysis tool that supports NetFlow, sFlow, IPFIX, Netstream, J-Flow, and AppFlow. The tool allows you to view network traffic in real-time with graphs. To help make sense of the data more easily you can measure bandwidth by user, device, or application to see which entities are consuming the most resources. The top consumers can be viewed as pie charts.
Key Features:
- NetFlow and IPFIX
- Netstream, sFlow, J-Flow, and AppFlow
- Analysis alerts
Threshold-based alerts can be configured to notify you whenever traffic usage matches certain trigger conditions. Create alert profiles to determine when you receive alerts by email and SMS. Having notifications allows you to automatically be notified when your end-users experience performance issues.
To follow up on performance issues you can create reports. When creating reports you can select the report type, data points used, report options, time period, device, and more. Creating reports allows you to reflect back on network usage over time.
ManageEngine NetFlow Analyzer is an excellent packet capture tool that’s suitable for SMEs and midsize organizations. It’s accessible with a straightforward user interface. ManageEngine NetFlow Analyzer is available on Windows and Linux. You can download a free trial.
Pros:
- Excellent user interface, easy to navigate, and remains uncluttered even when used on high volume networks
- Supports multiple networking technologies such as Cisco NetFlow, Juniper Networks J-Flow, and Huawei Netstream, making it a hardware-agnostic solution
- Pre-built templates allow you to pull insights from packet capture right away
- Installs on Windows as well as on multiple flavors of Linux
- Built for the enterprise, offers SLA tracking and monitoring features
Cons:
- Built for enterprise companies that process a lot of data; not the best fit for small LANs or home users
5. Colasoft Capsa
Colasoft Capsa is a network analyzer for Windows that can monitor packets in real-time. The software supports over 1800 different protocols that you can monitor through the dashboard. On the dashboard, you can view network usage as visual components like graphs and charts. For example, you can view graphs on Top Application Protocols by Bytes or Top IP Total Traffic by Bytes.
Key Features:
- Protocol analyzer
- Scheduled packet capture
- VoIP QoS statistics
You can schedule packet capture scans to run at a specific time period, whether daily or weekly. Regular scans make sure that you don’t miss out on any evolving performance concerns. In the event that you do miss something, email and audio alerts keep you notified when a networking event needing your attention occurs.
Colasoft Capsa is recommended for enterprises that want a competitively priced network analyzer for Windows. The software starts at $995 (£753). You can download the free trial version.
Pros:
- Designed specifically for VoIP traffic
- Tracks all key VoIP metrics very well, including call codec type and event distribution
- Can support unlimited IP addresses
- Can monitor more VoIP metrics than similar tools
Cons:
- Feels clunky and outdated
- Visualizations aren’t as customizable as similar tools on the market
6. tcpdump
Tcpdump is an open-source, command-line packet analysis tool that captures protocols including TCP, UDP, and ICMP. The tool is included by default with a number of different Linux distributions and can be used to capture packets and view packet contents on the screen.
Key Features:
- Underpinned by libpcap and WinPcap
- TCP, UDP, and ICMP
- Filtering possible
Once you start capturing on your network, the software will continue to generate results until you send it an interrupt signal or it reaches the packet limit you specified. The tool can report counts of packets captured, received by the filter, and dropped by the kernel. You can also filter captured packets by source, destination, and protocol to help navigate.
Tcpdump isn’t as modern as some of the other tools on this list but its packet monitoring capabilities still hold up. Tcpdump is available on Unix. There is also a version of the tool available for Windows called WinDump. You can download the program for free, and you can get a jump start on using it with our downloadable tcpdump cheat sheet.
Pros:
- Open-source tool backed by a large and dedicated community
- Simple syntax is easy to learn, especially for users who are comfortable with CLI tools
- Lightweight application that uses the CLI for most commands
- Completely free
Cons:
- Isn’t as user-friendly as other options
- Uses a complicated query language for filtering
- Captures are saved as PCAP files rather than plain text, so they can only be read by applications that understand PCAP
7. Kismet
Kismet is a wireless network detector, packet sniffer, and intrusion detection tool. Kismet supports 802.11 monitoring and can monitor network traffic without leaving behind any fingerprints. In addition, the tool can also discover hidden networks that don’t broadcast an SSID.
Key Features:
- WiFi packet capture
- Bluetooth capture
- Signal mapping
The software has a substantial amount of documentation and an active user community behind it, providing newbies with enough information to learn more about the program. There is also a range of plugins that you can use to extend the core features. For example, the Kestrel plugin provides you with live mapping so you can view the location of devices in the network.
Kismet is ideal for enterprises that want packet sniffing software with extra functions and a range of configuration options (although it isn’t the easiest tool to use!). Kismet is available on Linux, macOS, and Windows 10 (under the WSL framework). You can download the program for free.
Pros:
- Available for Linux, Mac, and OpenBSD
- Can scan for Bluetooth signals along with other wireless protocols outside of WiFi
- Allows for real-time packet capture that can be forwarded to multiple team members
- Uses plugins for additional features, which keeps the base installation lightweight
- Free to use
Cons:
- Designed for smaller networks
- Lacks enterprise-level reporting capabilities
- Reliant upon the open-source community for support and updates
8. Steel Central Packet Analyzer Plus
Steel Central Packet Analyzer Plus is a packet analysis tool that allows you to monitor network traffic. The user can drag-and-drop views onto virtual interfaces to monitor network traffic through graphs and charts. You can switch between views of bandwidth usage, talkers and conversations, user activity, and more.
Key Features:
- Graphical filter assembler
- Customizable alerts
- Graphs and charts
If you spot any problematic traffic then you can isolate it to take a closer look. However, if you don’t spot a problem you can rely on alerts. The alerts system allows you to set trigger conditions for notifications. Alerts can be configured for issues such as high bandwidth or round-trip time. You can also generate reports on network traffic in PDF, Word, and Excel formats.
Steel Central Packet Analyzer Plus is a good tool for those who want a simple GUI-based packet sniffer. Steel Central Packet Analyzer Plus integrates with Wireshark and Riverbed Steel Central Transaction Analyzer. If you want to view pricing information you will have to contact the sales team. You can download a free trial.
Pros:
- A simple and elegant interface makes it easy to view network traffic at a glance
- Dashboards can be customized through drag-and-drop widgets
- Integrates well with tools like Wireshark, making it a great option for additional visualization of data
Cons:
- Could benefit from more integration options
- Would like to see more out-of-the-box reports and alert templates
- Must contact the sales team for pricing details
Which packet capture tool is best for you?
Regularly monitoring your network traffic is a must for making sure that your resource usage is being optimized. Packet analysis tools can be tremendously valuable for examining network conversations and finding inefficient communications and malicious cyber attacks.
With the range of options on the market, you have complete control over the type of monitoring experience you can go for. If you’re looking for a GUI-based tool then we recommend PRTG Network Monitor, because of its user-friendly interface and low price point.
Wireshark also stands up as a viable open-source alternative for less experienced users. Other tools like Tcpdump and Kismet are a good fit for those who are comfortable working with the command line.