Network Protocol Analyzers (a.k.a. traffic packet analyzers or sniffers) are essential instruments in the network and/or security professional’s toolbox. The ability to examine traffic in motion across a network is critical for optimizing network topologies, troubleshooting malfunctioning or poorly-performing applications, and perhaps most importantly—identifying and mitigating cyber attacks. In this comparison, we’ll look at two leading network protocol analysis tools—Wireshark and Netcat—to see how they stack up against each other.
Protocol Analysis 101
Data packets form the essential building blocks of information technology. All internet communications and media/files—from video and music to email and chat sessions—are transmitted as these discrete units of data. Tools for capturing and decoding data packets are therefore fundamental instruments for proper network management. Without them, IT and operations are at a loss as to what is actually being transmitted across their networks. Network protocol analysis tools give IT specialists a microscopic view of data moving back and forth across network nodes.
Wireshark by Riverbed Technology
Wireshark is arguably the most widely-used network protocol analyzer on the market today. The free, open source tool was originally known as Ethereal, but has since been renamed due to trademark issues.
Netcat by Hobbit
Commonly abbreviated and referred to as nc, Netcat is a hailed by many network professionals as the Swiss Army Knife for TCP/IP-based network analysis. Its popularity is primarily due to its lightweight extensibility and feature-rich network debugging and investigation capabilities.
Side-By-Side Scoring: Wireshark vs. Netcat
1. Capability Set
Wireshark is capable of capturing and analyzing data from wifi, ethernet, VLANs, Bluetooth, and USB devices, among others. Additionally, Wireshark is able to inspect hundred of different protocols. At the most basic level, Netcat captures and analyzes data packets over TCP and UDP connections between two nodes over any port—specifics in regards device type must be configured manually by the operator. Netcat is extremely extensible, and is highly capable when integrated with other tools and utilities.
Out-of-the-box, Wireshark possesses a broad commercial capability set as the tool is productized by Riverbed Technology (which offers a whole suite of enterprise offerings). Netcat feels bareboned but is designed to be custom-tailored and tweaked by hand; subsequently, its capabilities are straightforward but nonetheless comprehensive. In terms of packet analysis, both tools are competent utilities for network debugging, port scanning, port listening, and more.
2. Ease Of Use
Wireshark features a competent GUI and is available on a wide array of platforms: Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, among others. Netcat is only available on *nix platforms and is primarily CLI-driven, offering no visual interface for the command-line impaired.
3. Community Support
Both tools are highly popular tools with longstanding market presence; subsequently, both have vast volumes of community support materials available online.
4. Security and Surface Attack Probability
Per the CVE database, Netcat has 8 documented vulnerabilities since its inception while Wireshark possesses a whopping 322. That said, Netcat is a popular Black Hat tool amongst hackers and its mere presence on a host makes it a somewhat of a liability.
5. Release Rate
Netcat is currently at version 1.10, with 8 years having passed since its last release. In contrast, Wireshark's latest 1.12.8 release was made available in October 2015, with a preview of 2.0.0rc1 also released at the same time.
6. Pricing And Support
Both tools are free and open-source. Again, Wireshark is backed by a commercial entity and offers official documentation and support materials from Riverbed Technologies. Netcat has no such official support materials but has a broad array of support materials created on its behalf by reputable organizations such as the SANS Institute.
7. API and Extensibility
Wireshark supports a broad range of languages and possesses a rich LUA-based API. Netcat has no API to speak of, though operators with the requisite skill set can build their own minimal REST web server to fulfill this need.
8. 3rd Party Integrations
For those competent with the CLI, Netcat is highly integrable with 3rd party tools. Wireshark allows for a host of 3rd party integrations through native C libraries or Lua modules.
9. Bug Bounty Program
No bounties exist for either, as both are free tools. However, Wireshark hosts an expansive, community-contributed bug database.
10. Companies That Use It
Both tools are ubiquitous and utilized extensively by enterprises, non-profits, and individuals alike. It's worth noting again that Wireshark is supported by Riverbed Technology, a global leader in application performance infrastructure solutions with over $1 billion in annual revenue. Notable customers include Intuit, Michelin, Tribune Media, Allianz, and T-Mobile, among others.
11. Age Of Language Developed In/Used
Netcat is written in C; Wireshark is written in C/C++. Both are of course venerable, foundational programming languages. As mentioned previously, Wireshark can be extended through modules written in LUA, a lightweight cross-platform language implemented in ANSI C.
12. Learning Curve
Wireshark features a competent GUI, while Netcat is CLI-based. The latter therefore requires a stronger technical skill set to manipulate and manage; that said, operators wishing to perform advanced protocol analysis are in most cases adept in using the command line—with many regarding visual-based interfaces as hindrances rather than beneficial.
Scoreboard and Summary
The following is the scoreboard for Wireshark vs. Netcat based on the criteria listed above:
So for an easier to use, API-extensible GUI-based tool backed by a enterprise software company, go with Wireshark. Netcat is a no-frills, powerful CLI-based protocol analyzer for experts—it gets the job done quickly and efficiently. Both tools are free and open-source, so cost will never be an issue. And for continuous security monitoring and vulnerability assessment, UpGuard is the platform to beat. Try it today, the first 10 nodes are on us.
Sources
https://www.pcmag.com/review/248520/wireshark-1-2-6
https://www.wireshark.org/about.html
https://www.cvedetails.com/product/4047/Netcat-Netcat.html?vendor_id=2310
https://www.cvedetails.com/product/8292/Wireshark-Wireshark.html?vendor_id=4861
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
https://www.pcworld.com/article/186871/track_down_network_problems_with_wireshark.html
http://www.admin-magazine.com/Articles/Netcat-The-Admin-s-Best-Friend
