Dripcap is a cross-platform open-source packet analyzer which allows even total network novices to inspect their network traffic.
The program is simple to set up, as there’s no installation or third-party capture tool required: just unzip the download to any convenient folder.
There’s no complexity to the workflow, either. Click “Start New Capturing”, choose a network adapter, click Start and Dripcap goes to work.
Basic packet details are displayed as they’re captured: type (TCP, UDP, DNS, ARP etc.), source and destination IP addresses, and packet length.
Clicking any packet gives you a low-level breakdown: time stamp, MAC addresses, source and destination ports and assorted other IP and TCP-related information.
Dripcap offers flexible filters to define exactly which packets are captured or displayed. You set this up by typing text commands rather than selecting options from menus, but it’s still not difficult to use.
For example, you might enter “tcp” to show only TCP packets, “tcp.ack” to view acknowledgements, or “payload.length > 80” to, well, view packets with payload lengths of more than 80. You get the idea.
There are some annoying limitations, such as the inability to resolve IP addresses or save the complete capture for analysis later.
On the plus side, the program has some unusual extensions, including a “real-time P2P network visualizer” which displays your connections as a swirling cloud. This sometimes locked up Dripcap when we tried it on a real P2P download, so there’s work to do, but you’d expect that for an early version and at least the developer has some ambition.
Overall, Dripcap is relatively basic, but it’s easy to use and has some packet-capturing promise for the future. Give it a try.
Dripcap is available for 64-bit Windows, Mac and Linux.