PhatNet v1.0 Professional
Reviewed by: Jim Huddle, September 2004
Published by: PhatWare Corp.
Requires: Microsoft Windows Pocket PC 2002 or 2003, CE 3.0 or later, 500KB storage space on the handheld device, ActiveSync 3.7 or later
MSRP: $99.00 (Personal), $299.00 (Professional)

If you are running any kind of network, at some
point you've wanted or needed to run a packet sniffer
to see what was going on over your wired or wireless
segments. Traditionally, packet sniffers have been
either standalone computers or software installed
on PCs. PhatWare has made packet sniffing quite a
bit more mobile with PhatNet, which installs on Pocket
PCs.
PhatWare offers PhatNet in two versions, Personal
and Professional. The Personal version only runs
in Point-to-Point Protocol (PPP) mode while the Professional
version also runs in low level Ethernet promiscuous
mode. Installation is via ActiveSync, but PhatWare
does make it possible to install PhatNet directly
to your Pocket PC by means of a downloaded .cab file.
(Ed. Note: For the uninitiated, Packet Sniffing is basically
a technique which uses network monitoring
tools to eavesdrop on data packets passing through
a network. This technique is used in at least three
important ways: a) by IS/IT people as a legitimate
tool for network traffic analysis, b) by hacker vandals
as a form of attack, and c) by hacker thieves as
a way of deciphering personal and network information
from data emanating from your computer or as a means
of stealing bandwidth. Packets are simply units of
protocol data and form the basis of information exchange
on all networks. Packet Filtering, on the other hand,
is an activity—and a feature usually incorporated
into routers and bridges—to limit the flow
of information based on predetermined communications
such as source, destination, or type of service being
provided by a network. Packet filters let an administrator
limit protocol-specific traffic to one network segment,
isolate e-mail domains and perform many other network
data traffic control functions.)

You start PhatNet
by pointing to Start>PhatNet. The
program begins with the Trace Window and shows the primary
commands at the bottom. You can view the trace in three
levels of detail. The first is simply the protocol type
and from/to ports. The second will add the Media Access
Control (MAC) addresses (the unique physical address of
each device's network interface card), and the third will
show the IP addresses. If you want to look at packet details,
you stop the Trace by pointing to View>Details. This
will split the Trace window, with the captured packets
showing at the top and the selected packet's details on
the bottom. The detail window offers extensive packet information
including Ethernet, IP and Protocol headers and others.
One of the best features of PhatNet is the ability to
capture packets to a file compatible with Ethereal. By
default file captures are set to PhatNet's file type, but
that is easily changed under Options. The program supports
Ethereal and tcpdump .cap files and also LanWatch, IPTrace .trc
files.
PhatNet also has pretty good filter capability. It comes
with filters for ftp, http, telnet and smtp already created.
It allows you to create filters in Simple mode using select
boxes or in Advanced mode where you create the filter using
PhatNet's filter definition language. If you've created
filters with other packet sniffers it shouldn't be too
intimidating. The manual gives a fair description of the
language and how to use it.
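
As an added example (not PhatWare's code and not part of the original review), here is a short Python reader for a tcpdump-style capture file that reproduces the three trace detail levels described above and a match for the four services with ready-made filters. It assumes the classic libpcap file layout with Ethernet link type and simple port-based matching; the sample capture, addresses and function names are constructed for illustration.

```python
import socket
import struct

SERVICES = {"ftp": 21, "telnet": 23, "smtp": 25, "http": 80}  # assumed port-based matching

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP SYN to port 80 in a classic pcap file."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frame = eth + ip + tcp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def read_frames(data):
    """Yield raw frames from a classic pcap byte string (either byte order)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24 or struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap capture with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) == incl_len:  # a truncated final record is skipped
            yield frame

def decode(frame):
    """Return header fields for an IPv4 TCP/UDP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"proto": "tcp" if frame[23] == 6 else "udp", "sport": sport, "dport": dport,
            "macs": (mac(frame[6:12]), mac(frame[0:6])),
            "ips": (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))}

def trace_line(pkt, level):
    """Level 1: protocol and ports; level 2 adds MAC addresses; level 3 adds IP addresses."""
    parts = [f"{pkt['proto']} {pkt['sport']} > {pkt['dport']}",
             "{} > {}".format(*pkt["macs"]), "{} > {}".format(*pkt["ips"])]
    return "  ".join(parts[:level])

def matches(pkt, service):
    return SERVICES[service] in (pkt["sport"], pkt["dport"])
```
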
The main complaint I have with the product has to do with
support. At this writing PhatWare has temporarily disabled
its support e-mail address. They do still have a Technical
Support Form available. I couldn't find a support phone
number, however, and neither their FAQs nor Additional Support
Information links list the PhatNet program. PhatWare also
lists a link to a PhatNet support forum hosted by Tekguru,
but it seems largely inactive. These shortcomings may well
be the result of the product being so new. It's only been
out since June 8th, 2004, but I would have thought a basic
FAQ would by now be available at the site. These are minor
complaints and the program has been functioning without
any problems.
I recommend PhatNet, but with caveats. In my opinion it's
not for folks who are just getting started with packet
collection and packet filtering technology because PhatNet's
documentation only covers the use of the program; there's
no primer on packet collection, packet filtering and so
on. There's an assumption that the user already knows what
they're doing. So for intermediate level users and higher
it's a fine program, given that those folks will know what
to do with it and understand the what's and why's of the
data and how they're getting it.
Letters to the Editor are welcome and occasionally abused in public. Send e-mail to: whine@kickstartnews.com