Can anyone recommend a good packet sniffer - that will run in DOS or Windows 3.11 - that will identify the packets and let me look inside? Even if they're invalid packets?
Being that this is the Vintage Computer forums, I thought talking about Vintage sniffer software might be cool.
Years ago (1990-92 timeframes) I used a DOS packet sniffer called NetCapt/NetCure from the DNPAP at the Technical University of Delft. NetCure will run on an XT and just needs a packet driver for the card you have. I used it to troubleshoot some 802.3 10BASE5 LANs running NetWare 2.15/2.2 at a factory. IPX is a great LAN protocol, and since the MAC address is the IPX station address, it made finding issues and narrowing them down to the actual NIC involved a lot easier. Broadcast storms were the biggest problem, especially with all the eight port Cabletron multiport AUI repeaters (eight AUIs to workstations; one AUI to the 10BASE5 vampire tap). But the DNPAP software allowed real-time display as well as historical recording of traffic, and saved the day more than once. I had a 386DX/16 just to run the DNPAP software by the time I left there.
NetCure spawned The Beholder, Gobbler, and BTNG (Beholder the Next Generation). None of the follow-ons were anywhere near as easy to use as the original NetCure, in my opinion.
Finding it today was a bit of a challenge, as I had forgotten the name of the program. But the acronym DNPAP I remembered; see https://web.archive.org/web/19971007193012/http://dnpap.et.tudelft.nl/DNPAP/dnpap.html for the earliest Wayback Machine archived page.
Now I am going to go all 'Vintage' on you, as it was a gopher site where I found it originally, years ago, through a dialup internet service called Eskimo North (still there as eskimo.com). The actual software is archived in a few places; one of them is ftp://ftp.fh-koblenz.de/pub/pc/msdos/networking/dnpap/
But that's just keeping with the Vintage theme, and keeping it on DOS... for modern analysis, I use the webified Wireshark interface provided by the Network Security Toolkit Linux distribution (http://www.networksecuritytoolkit.org/nst/index.html). It's based on Fedora and has a snazzy web interface that allows you to do some nice packet analysis, among other things. It's meant to be run by a tap appliance with separate capture and admin NICs, but works OK with a local GUI console (although the default console is not a GUI). Yes, I know it's not DOS or Windows, but it works very well and has relatively modest hardware requirements.