OmniPeek is a very popular and powerful protocol analyzer with a rich set of plug-ins. The plug-ins below are ranked by download count, so the ranking you see may differ from the one here; for the latest ranking see https://wpdn.wildpackets.com/view_submissions.php?downloaded=1. For each plug-in I first quote the English description and then add my own comments or analysis in Chinese; I won't translate the descriptions themselves.
1. Google Map Plug-in
Description: The Google™ Map Plug-in displays a Google Map in the OmniPeek capture window showing the locations of all the public IP addresses of captured packets. This feature is a great way to monitor your Web site at a high level and see in real time where in the world those hits are coming from.
It shows the location of public IP addresses on a Google Map. In actual testing, because the IP address database is limited, it usually only resolves down to the country or region level.
2. SQLFilter Plug-In
Description: The SQLFilter brings the power of packet mining to OmniPeek and EtherPeek. The SQLFilter adds a new tab in the local capture window which allows users to index individual packet files and folders of packet files, as well as live captures. Simple and complex queries can then be made against the resulting database index over and over at any time, without ever needing to open the trace files again.
It mainly writes the captured packets into a database so they can be analyzed further.
3. Remote TCPDump Adapter
The Remote TCPDump Adapter remotely runs tcpdump over an SSH connection to a Unix or Linux computer, and streams the packets back into Peek.
A very cool plug-in, and my favorite. Just install tcpdump and ssh on the remote Linux/Unix host and do some simple configuration. It gives you remote capture on *nix, with the packets displayed and analyzed in OmniPeek, and it also supports tcpdump filters. Recommended!
4. Browser Plug-In
Description: The Browser sample plug-in demonstrates how packets can be assembled into streams and payloads can be extracted from them. In this plug-in the packet payloads are assembled into web pages and displayed in a web browser tab.
An HTTP session reconstruction tool that rebuilds standard HTTP traffic into web pages. Its Chinese support is still not good; you can try a web plug-in released by NETIS instead, which I will provide for download later.
5. OmniPeek Plug-in Wizard
Description: Create console plug-ins fast. The OmniPeek Plug-in Wizard generates source code and project files which when built produce a Peek console plug-in DLL. The plug-in can run in Peek to extend its functionality in many ways. The Peek Console Plug-in Wizard provides a variety of options which result in the generation of different types of sample code. For example, two of the options are to create sample summary stats code and to create a new tab in a capture window. The APIs used by the wizard to interact with the Peek Console are written in C. The framework that the wizard generates to route messages is C++.
OmniPeek was developed with VS2003, so this plug-in wizard only works with VS2003; VS2005 users currently cannot install it.
6. Instant Messenger Plugin
Description: The Instant Messenger Plugin displays conversations for the AIM, MSN, and Yahoo protocols.
An instant-messaging plug-in that can reconstruct MSN and other conversations, but it is sometimes unstable and does not yet support QQ. The domestic Colasoft (科来) currently has the best QQ support, followed by Wireshark/Ethereal.
7. WebStats
Description: WebStats is an application that monitors Web, FTP, and TCP Streams. It is a streambuilder, so for anybody who needs code to build streams, WebStats is a good place to start. The statistics that result from monitoring these streams are displayed in the Summary Statistics Window.
Web/FTP statistics and analysis. It is only available for download to licensed users, and I haven't got hold of it yet.
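Both the Browser plug-in (item 4) and WebStats (item 7) are described as stream builders: they take the TCP segments of a capture, put them back in sequence order and hand the payload to something that understands the application protocol. The following is an added example, not code from either plug-in or from WildPackets, showing the core of that job in Python: one direction of a TCP connection is rebuilt from out-of-order and retransmitted segments, duplicate bytes are counted, a missing segment is reported as an incomplete stream, and the HTTP response inside is split into status line, headers and body. All addresses, sequence numbers and packet contents are constructed for the example.

```python
"""TCP stream assembly and HTTP payload extraction (added example).

Not code from the OmniPeek Browser or WebStats plug-ins: one direction of a
TCP connection is rebuilt from out-of-order and retransmitted segments, then
the HTTP message inside it is split into start line, headers and body.
All packet data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str        # "ip:port" of the sender
    dst: str        # "ip:port" of the receiver
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


class Stream:
    """Payload bytes flowing in one direction (src -> dst)."""

    def __init__(self):
        self.chunks = []            # (seq, payload) exactly as seen on the wire

    def add(self, seq, payload):
        if payload:                 # pure ACKs carry no stream data
            self.chunks.append((seq, payload))

    def assemble(self):
        """Return (data, duplicate_bytes, complete).

        Chunks are walked in sequence order (longest first for equal seq), so
        retransmissions and partial overlaps only contribute bytes not already
        delivered. The walk stops at the first hole: a lost segment shows up
        as an incomplete stream rather than as silently corrupted data.
        """
        data = bytearray()
        dup = 0
        nxt = None
        for seq, chunk in sorted(self.chunks, key=lambda c: (c[0], -len(c[1]))):
            if nxt is None:
                nxt = seq
            if seq > nxt:
                return bytes(data), dup, False
            skip = nxt - seq
            if skip >= len(chunk):  # fully retransmitted, nothing new
                dup += len(chunk)
                continue
            dup += skip
            data += chunk[skip:]
            nxt += len(chunk) - skip
        return bytes(data), dup, True


def build_streams(segments):
    """Group segments by (src, dst); each direction of a connection is its own stream."""
    streams = defaultdict(Stream)
    for s in segments:
        streams[(s.src, s.dst)].add(s.seq, s.payload)
    return dict(streams)


def extract_http(data):
    """Split one HTTP/1.x message into (start line, headers, body).

    Returns None if the header block or a Content-Length body is truncated.
    """
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", len(rest)))
    if len(rest) < length:
        return None
    return lines[0].decode("latin-1"), headers, rest[:length]


# Constructed sample: a 95-byte HTTP response cut into segments that arrive
# out of order, with one exact and one partial retransmission.
BODY = b"<html><body>Hello</body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
SERVER, CLIENT = "10.0.0.5:80", "192.168.1.10:51000"   # hypothetical endpoints
ISN = 1000
SAMPLE = [
    Segment(CLIENT, SERVER, 5000, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Segment(SERVER, CLIENT, ISN + 60, RESPONSE[60:]),       # last piece arrives first
    Segment(SERVER, CLIENT, ISN, RESPONSE[:30]),
    Segment(SERVER, CLIENT, ISN, RESPONSE[:30]),            # exact retransmission
    Segment(SERVER, CLIENT, ISN + 20, RESPONSE[20:50]),     # partial overlap
    Segment(SERVER, CLIENT, ISN + 30, RESPONSE[30:60]),
]


def rebuild_response(segments=SAMPLE):
    """Assemble the server->client stream and parse the HTTP message in it."""
    data, dup, complete = build_streams(segments)[(SERVER, CLIENT)].assemble()
    return data, dup, complete, extract_http(data)


if __name__ == "__main__":
    data, dup, complete, msg = rebuild_response()
    print(f"{len(data)} bytes, {dup} duplicate, complete={complete}")
    print(msg)
```

Dropping the segment at `ISN + 30` from `SAMPLE` makes `assemble()` return `complete=False` with only the first 50 bytes, and `extract_http()` then returns `None` because the header block never terminates; a stream builder that instead concatenated whatever arrived would hand the browser tab a page with a silent hole in it.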
8. PeekPlayer Plug-in
Description: The PeekPlayer Plugin is more than just a sample, it has a lot of functionality. However, lucky for you we decided to give it away. The basic function of the PeekPlayer is to send packets to a destination. The destination can be an adapter, or another capture window. This makes it possible to aggregate packets from multiple captures into a single capture.
A packet replay tool, and a very good one; I don't know why it ranks so low. It is similar to NAI Sniffer's Application Playback.
9. Cisco AP Remote Adapter
Description: The Cisco Access Point Remote Adapter is an application that provides full packet capture capability at remote sites without having to deploy a packet analysis platform. Use of the Remote Adapter allows for flexible deployment of monitoring and management capabilities in any wireless network environment. With the Remote Adapter, any supported* Cisco Access Point can be placed in promiscuous mode and can capture all 802.11 transmissions it receives. These packets, including information on timing and signal strength, are then forwarded to a PC running AiroPeek or OmniPeek. The “Peek” software analyzes the packets from the Cisco AP Remote Adapter application and displays the same information as when capturing packets locally using a wireless LAN card.
It can connect directly to a Cisco AP to capture and analyze packets; unfortunately it is also not available for public download.
10. Latency Monitor
Description: This add-on application, available now for Omni 3.0, provides an intelligent and flexible way to determine and react to latency. The Latency Monitor is designed to produce meaningful notifications about latency across groups of servers as well as specific applications. This type of high value notification can be used by a company to build procedures, both manual and automated, to react and fix problems before they occur. Being able to fix problems before they occur can result in saving money and making money depending on the type of company.
Not currently available for download.
-----------------------------------------------------------------------------------------------
Apart from the three plug-ins above that are not available for download, I have packaged the rest together for everyone's convenience.
How to install?
1. Close OmniPeek first. For plug-ins that come with an installer, just run the installer.
2. For DLL files, copy them into WildPackets\OmniPeek\Plugins\ and restart OmniPeek.