PhatNet v1.0 Professional

Reviewed by: Jim Huddle, September 2004
Published by: PhatWare Corp.
Requires: Microsoft Windows Pocket PC 2002 or 2003, CE 3.0 or later, 500KB storage space on the handheld device, ActiveSync 3.7 or later
MSRP: $99.00 (Personal), $299.00 (Professional)

If you are running any kind of network, at some point you've wanted or needed to run a packet sniffer to see what was going on over your wired or wireless segments. Traditionally, packet sniffers have been either standalone computers or software installed on PCs. PhatWare has made packet sniffing quite a bit more mobile with PhatNet, which installs on Pocket PCs.

PhatWare offers PhatNet in two versions, Personal and Professional. The Personal version only runs in Point-to-Point Protocol (PPP) mode, while the Professional version also runs in low-level Ethernet promiscuous mode. Installation is via ActiveSync, but PhatWare does make it possible to install PhatNet directly to your Pocket PC by means of a downloaded .cab file.

(Ed. Note: For the uninitiated, Packet Sniffing is basically a technique which uses network monitoring tools to eavesdrop on data packets passing through a network. This technique is used in at least three important ways: a) by IS/IT people as a legitimate tool for network traffic analysis, b) by hacker vandals as a form of attack, and c) by hacker thieves as a way of deciphering personal and network information from data emanating from your computer or as a means of stealing bandwidth. Packets are simply units of protocol data and form the basis of information exchange on all networks. Packet Filtering, on the other hand, is an activity—and a feature usually incorporated into routers and bridges—to limit the flow of information based on predetermined communications such as source, destination, or type of service being provided by a network. Packet filters let an administrator limit protocol-specific traffic to one network segment, isolate e-mail domains and perform many other network data traffic control functions.)

You start PhatNet by pointing to Start>PhatNet. The program begins with the Trace Window and shows the primary commands at the bottom. You can view the trace in three levels of detail. The first is simply the protocol type and from/to ports. The second will add the Media Access Control (MAC) addresses (the unique physical address of each device's network interface card), and the third will show the IP addresses. If you want to look at packet details, you stop the Trace by pointing to View>Details. This will split the Trace window, with the captured packets showing at the top and the selected packet's details on the bottom. The detail window offers extensive packet information, including Ethernet, IP and Protocol headers and others.

One of the best features of PhatNet is the ability to capture packets to a file compatible with Ethereal. By default, file captures are set to PhatNet's file type, but that is easily changed under Options. The program supports Ethereal and tcpdump .cap files and also LanWatch, IPTrace .trc files.

PhatNet also has pretty good filter capability. It comes with filters for ftp, http, telnet and smtp already created. It allows you to create filters in Simple mode using select boxes or in Advanced mode, where you create the filter using PhatNet's filter definition language. If you've created filters with other packet sniffers, it shouldn't be too intimidating. The manual gives a fair description of the language and how to use it.

The main complaint I have with the product has to do with support. At this writing PhatWare has temporarily disabled its support e-mail address. They do still have a Technical Support Form available. I couldn't find a support phone number, however, and neither their FAQs nor Additional Support Information links list the PhatNet program. PhatWare also lists a link to a PhatNet support forum hosted by Tekguru, but it seems largely inactive. These shortcomings may well be the result of the product being so new. It's only been out since June 8th, 2004, but I would have thought a basic FAQ would by now be available at the site. These are minor complaints and the program has been functioning without any problems.

I recommend PhatNet, but with caveats. In my opinion it's not for folks who are just getting started with packet collection and packet filtering technology because PhatNet's documentation only covers the use of the program; there's no primer on packet collection, packet filtering and so on. There's an assumption that the user already knows what they're doing. So for intermediate level users and higher it's a fine program, given that those folks will know what to do with it and understand the whats and whys of the data and how they're getting it.

Letters to the Editor are welcome and occasionally abused in public. Send e-mail to: whine@kickstartnews.com

 

 

 




© Copyright 2000-2006 kickstartnews.com. All rights reserved.