Current version is 1.371b
This is easy to answer. I wrote this program because I needed it.
NetBoar will sniff all the traffic on your network connection and display a summary on your screen. It works in a similar way to the iftop utility or Etherape on Unix systems, showing all the conversations going on. It also differentiates them by destination port when available, giving an idea of which protocols are taking up your bandwidth.
Good, and then?
Once you know the general plot of the story, you need to drill down using more specific tools, for example Ethereal.
What do I need to run it?
A computer with Windows 2000, XP, 2003 or Vista, with Microsoft .NET Framework 2 installed. You will also need WinPcap to sniff network traffic. You will need some memory, say 20-32 Mb, and some processing power. The program is multithreaded and sniffs and processes data asynchronously, so it will use the power of newer dual-core processors. That said, I tested it on a single Pentium 3 @ 1 GHz, and it took 40-60% CPU to analyze traffic up to over 70 Mbit.
What will I see and what will I miss?
You’ll miss all non-IP traffic. So you’ll miss IPX and other exotic protocols, even in the total bytes counter. You’ll see several “known” protocols, with the option to see every single TCP/UDP port used. In this first public version of NetBoar, the definition of “known” protocols is hard-coded. Maybe it will change in future releases, if any. Protocols are also color-coded so you can see them at a glance.
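The summarizing behaviour described above, as an added example (not NetBoar's own code): frames are grouped into conversations by source, destination and destination port, and non-IP frames are left out of every counter, including the total. The port table, the use of frame length as the byte count, and the sample frames are assumptions made for the illustration.

```python
import socket
import struct
from collections import Counter

# Assumed port table for illustration; NetBoar's own hard-coded list is not on the page.
KNOWN_PORTS = {25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}
ETH_IPV4, TCP, UDP = 0x0800, 6, 17

def summarize(frames):
    """Return (bytes per conversation, total counted bytes, skipped frames)."""
    conversations, total, skipped = Counter(), 0, 0
    for frame in frames:
        ip = frame[14:]                      # skip the 14-byte Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None
        if ethertype != ETH_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
            skipped += 1                     # IPX, ARP, ...: never reaches the counters
            continue
        ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
        proto = ip[9]
        frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        label = "IP/%d" % proto              # fallback when no port is available
        # Ports are the first 4 bytes of TCP/UDP and exist only in the first fragment.
        if proto in (TCP, UDP) and frag_offset == 0 and ihl >= 20 and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
            name = "TCP" if proto == TCP else "UDP"
            label = KNOWN_PORTS.get(dport, "%s/%d" % (name, dport))
        conversations[(src, dst, label)] += len(frame)
        total += len(frame)
    return conversations, total, skipped

def make_frame(src, dst, proto, dport, size, ethertype=ETH_IPV4):
    """Build a constructed Ethernet frame (zero MACs and checksums) for the demo."""
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * size
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + struct.pack("!H", ethertype) + ip + l4

# Constructed sample traffic, not a real capture.
SAMPLE = [
    make_frame("10.0.0.5", "10.0.0.1", TCP, 25, 100),
    make_frame("10.0.0.5", "10.0.0.1", TCP, 25, 100),
    make_frame("10.0.0.5", "192.0.2.7", UDP, 53, 30),
    make_frame("10.0.0.9", "10.0.0.1", TCP, 8080, 10),
    make_frame("10.0.0.9", "10.0.0.1", TCP, 25, 10, ethertype=0x8137),  # IPX ethertype
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The last sample frame carries an IPX ethertype, so it appears only in the skipped count: a monitor built this way under-reports link usage whenever non-IP traffic is present.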
Quick usage examples
You have lots of traffic from a branch office. Just connect NetBoar and you see, for example, one specific IP that is doing high-rate SMTP traffic to one of your servers.
Or you may just want to know which sites are accessed by your computer while you work.
Usage is very simple: just select your preferred interface and click Start. If the number of conversations grows past the visible area, check the freeze checkbox in the Options menu or press CTRL+F. The capture and analysis process continues in the background. You may also want to resolve IP addresses to hostnames. This could be a bad, bad idea if you have lots of traffic: the program may slow down waiting for reverse DNS lookups, and you will also create many DNS queries.
You have several options to choose from in the menu:
Promiscuous mode: sets the capture mode of your interface. Some wireless adapters require promiscuous mode to be disabled in order to sniff traffic.
Writing this program was possible because people at Politecnico di Torino released WinPcap. The SharpPcap project also made it very simple to use WinPcap within the .NET Framework.
This is free software. You can download and use it without limitations as long as you don't patch it in any way. If you want to redistribute this program within your software, you must notify me via this page and insert the proper credits. The same applies if you use it in government, security or forensics environments.