Web Debug

Fix broken web applications, from servers to clients.

Wireshark vs Network Monitor

1) Wireshark is released under the GNU Public License; its source code is available to all, and if anybody makes a modified version of Wireshark available, they must make it available in source form to everybody to whom they make it available in binary form (see the GPL, Version 2:
and the FAQ about it:
for a more detailed and perhaps more correct explanation). It is available at no cost.
Microsoft Network Monitor (henceforth referred to as "NetMon") is available at no cost, but its source code is not available.

2) Wireshark dissects packets by directly executing code, written in C, Lua (for versions of Wireshark built with Lua) or, I think, Python (for versions of Wireshark built with the Python interpreter); a third-party plugin:
allows packet formats to be described in a packet description language. Tools exist to transform some packet description languages (ASN.1, Samba's PIDL interface description language for DCERPC/MSRPC, CORBA IDL) into C code.
NetMon dissects packets by using packet descriptions written in NetMon's own packet description language.

3) Wireshark runs on Windows and a number of UN*Xes (Linux distributions, *BSD, Mac OS X, Solaris, HP-UX, AIX, etc.).
NetMon runs only on Windows (it might be able to run, without support for packet capture, on x86 UN*Xes under Wine).

4) Wireshark can read capture files in a number of formats, including both pcap and pcap-NG format, as well as various formats from other packet analyzers, including NetMon format.
NetMon can read both its native format and pcap format; it supports some features of its native format that Wireshark does not (including, at present, frame comments).

5) Network Monitor can categorize network messages by processes while Wireshark cannot.

6) Network Monitor provides parser for windows native trace like wininet trace or etw trace.

Fork me on GitHub