Network Spy is a general-purpose diagnostic tool for administrators,
programmers and students of network technologies. It can operate in
different modes depending on the application. Some of the more typical
applications of this tool include:
- Packet capture and decode
- Network statistics gathering
- Software debugging
- Intrusion detection and activity monitoring
Packet Capture and Decode
In this mode, Network Spy can be used to get a snapshot of data from an
Ethernet network. It is capable of decoding the most widely used IP
protocols such as UDP, TCP and ICMP. It also allows you to save this data
for later analysis. The decoded packets are displayed in human-readable
form.
Network Statistics Gathering
In this mode, the amount of data attributed to a certain activity can be
captured. For instance, if you want to monitor how much data is
transferred between user x and excite.com, you can specify a rule to keep
track of the amount of this data. Another example is keeping track of how
much FTP data flows on your network.
Software Debugging
People programming network software and web applications will find this
tool extremely useful. It can be used to debug applications to find errors
in code, compute bandwidth utilization and find bottlenecks.
Intrusion Detection and Activity Monitoring
Using the new rules-based filtering mechanism, one can capture packets of
interest, avoiding a huge capture of all packets on the network. A rule
specifies a pattern to match. For instance, one could specify to capture
all ICMP packets where TTL=1. This would be true when someone is
performing a traceroute.
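
The rule described above (ICMP with TTL=1), applied to raw IPv4 packets as an added example; this is not Network Spy's own code or rule syntax. The rule field names (proto, ttl) and the sample packets are assumptions constructed for illustration.

```python
import struct

ICMP, UDP = 1, 17  # IANA IP protocol numbers

def addr(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def parse_ipv4(packet: bytes):
    """Decode the fixed IPv4 header; return None for malformed input."""
    if len(packet) < 20:
        return None
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(packet) < header_len:
        return None
    return {"proto": proto, "ttl": ttl, "src": addr(src), "dst": addr(dst)}

def capture(packets, rule):
    """Keep only packets whose decoded fields equal every value in the rule."""
    hits = []
    for raw in packets:
        fields = parse_ipv4(raw)
        if fields and all(fields.get(k) == v for k, v in rule.items()):
            hits.append(fields)
    return hits

def build_ipv4(src, dst, proto, ttl, payload=b""):
    """Constructed test packet (checksum left at 0, not valid on a wire)."""
    pack_addr = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, pack_addr(src), pack_addr(dst)) + payload

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    build_ipv4("192.0.2.10", "198.51.100.7", ICMP, 1, b"\x08\x00" + b"\x00" * 6),
    build_ipv4("192.0.2.10", "198.51.100.7", ICMP, 64, b"\x08\x00" + b"\x00" * 6),
    build_ipv4("192.0.2.11", "198.51.100.7", UDP, 1, b"\x00" * 8),
    b"\x45\x00\x00",  # truncated capture, must be skipped
]

TRACEROUTE_RULE = {"proto": ICMP, "ttl": 1}  # hypothetical encoding of the rule in the text

if __name__ == "__main__":
    for hit in capture(SAMPLE, TRACEROUTE_RULE):
        print("match:", hit)
```

Only the first sample packet matches. The UDP probe with TTL=1 is skipped by this rule, which matters because the traceroute utility on many Unix systems sends UDP probes by default, so a second rule on UDP would be needed to see those.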
Network Spy also includes various other tools such as DNS Lookup, Ping, TraceRoute and Whois to aid in everyday tasks.