A tool that works for me!
That was a question I was asked by the network manager at one of my clients recently. My answer was simply one word – Pilot (aka Cascade Pilot). Then he asked, “Why?”. That answer was a bit longer, but he thought it was one I should share, so here it is.
But first a little bit of background info.
I started out in data communications, which led into networks as they evolved. Having used a range of datascopes and similar instruments, when it came to network analysers the Network General Sniffer® was generally acknowledged as the only one to use. It ran on DOS and it could capture or let you view the data - but not both at the same time. I can't think how many times I stopped a capture to look at the data only for someone to say “it's just happened again!”, which was really frustrating, to put it mildly. Sniffers were big and expensive, but the best thing for the job. Over the years, the Sniffer migrated to Windows, ran on laptops, and had more features, which was good. But it was still expensive.
While the Sniffer was evolving, many more analysers were introduced to the market by a variety of vendors, and I tried lots of them. Then some guy (Gerald Combs) wrote some free, open source software called Ethereal (which caused interesting debates about how you should pronounce it!). I have to admit that if you were lucky enough to have access to a real Sniffer, then you probably didn't take too much notice of this software, at first. But as time progressed, Ethereal got better and better and was still free, so if you didn't have a Sniffer, or didn't want to spend several thousand to buy one, then it was a very good option. Ethereal continued to improve and was eventually renamed Wireshark (which stopped the pronunciation issues!). I now use Wireshark almost daily and certainly on every troubleshooting job. For me, packet capture is a first line tool and not a last resort. Nowadays, I'm the first to say what a fantastic tool Wireshark is. However, when I'm engaged in troubleshooting a network problem, it frequently involves sorting through hundreds of gigabytes of capture data to identify the source of an issue.