Expert's Rating
Pros
- Conditional filtering mechanism
- Extensive protocol-decoding library
- Useful plug-in analyzers
Cons
- Missing some of the previous version’s utilities
Our Verdict
A LAN analyzer lets network administrators examine traffic at the bit and byte level so they can quickly troubleshoot network ailments. One such product is WildPackets’ venerable EtherPeek, which is now available for Macs running OS X. But while EtherPeek 4.1 for Mac OS X sports several new protocol decoders, provides more stability when running alongside other applications, and offers improved performance, it lacks some helpful utilities that were bundled with the previous version of the program (Reviews, January 2000).
Despite this slight step backward, EtherPeek is still a world-class troubleshooting tool. It captures packets from attached Ethernet or AirPort networks and uses specialized decoders to break those packets down into their component fields. This version adds new decoders for BGP, CHAP, Napster, PPTP, RTSP, SIP, and SNTP to hundreds of existing decoders. Also enhanced is decoding for FTP, HTTP, POP, IMAP, and Telnet. Plug-in analyzers extend the protocol decoders to perform useful chores such as detecting hacker attacks, logging HTTP sessions, and reconstructing e-mail messages. You can also filter packets using multistage AND, OR, and NOT conditional logic.
EtherPeek performs real-time statistical analysis of captured packets by protocol, node, or conversation, and it can export statistics as HTML or XML. EtherPeek can also generate traffic, so it’s a useful tool for testing applications and hardware.
In our tests, EtherPeek 4.1 was only slightly faster than EtherPeek 4.0.2 running in OS 9. A WildPackets representative says that the OS X rewrite aimed for compatibility, rather than speed, but that future versions will better exploit OS X performance features.
This version of the program is missing two useful utilities that were bundled with the previous, OS 9 version: EtherHelp and iNetTools. EtherHelp runs on a remote Mac to capture traffic for later analysis in EtherPeek, and iNetTools is a network probe with Ping, Traceroute, and other functions. OS X’s built-in Network Utility application provides similar features, and WildPackets plans to include EtherHelp in a future release.
Macworld’s Buying Advice
EtherPeek is still head and shoulders above comparable products on other platforms. Although EtherPeek 4.1 for OS X is not a radical improvement on the previous version, it’s the first OS X-native commercial network analyzer and therefore the perfect choice for network administrators running OS X.