A protocol analyzer and packet sniffer for professional network monitoring and analysis.
Pros: AirGrab is a professional network packet analyzer. It is billed as a protocol analyzer and packet sniffer, and it performs both of these functions fairly well. The packet decoding unit performs well, and all the packet information is decoded accurately and displayed in a packet analysis window. One of the best features when compared to other packet analyzers such as Ethereal/WireShark is the really eye-catching packet capturing window, which displays the number of packets that have been captured (shown as “Red” received and “Green” sent packets). This is very useful and gives a good sense of how the link is behaving over time. This is also somehow more accurate than the Windows information and differs in the sense that the data can be observed from exactly when you want it. You can easily switch from the number of packets to bytes-per-second mode, to be able to see throughput in real time as well.
It has decryption support for a number of protocols. There is the standard support for a number of protocols, including Ethernet, 802.11, and others. Bluetooth support, which is not so common, is a real bonus.
Cons: Although the interface is attractive, users who are used to the Ethereal/WireShark interface will have a hard time switching. The fact that things appear in different windows is a blessing as well as a curse. It can get especially irritating, and it does slow down when you have big captures (long-term captures) in progress. Decoded packet information is presented poorly, with the less readable hex on top and the text on the bottom of the screen, forcing you to scroll.
Overall: 4 stars. Works fairly well. Some interesting graphical features, but the interface needs further improvement. Does not make a persuasive case for switching from Ethereal/WireShark.