Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development and education.
Wireshark is cross-platform: it uses the GTK+ widget toolkit to implement its user interface and pcap (packet capture) to capture packets, and it runs on various Unix-like operating systems, including Linux and Mac OS X, as well as on Microsoft Windows.
There is also a malicious rogue anti-spyware program called Wireshark Antivirus that reports false information. This is in no way related to the packet analyzer program, Wireshark, and the two should not be confused.
Features
- Data can be captured “from the wire” from a live network connection or read from a file that recorded already-captured packets.
- Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
- Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
- Captured files can be programmatically edited or converted via command-line switches to the “editcap” program.
- Data display can be refined using a display filter.
- Plug-ins can be created for dissecting new protocols.
- VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
- Raw USB traffic can be captured with Wireshark. This feature is currently available only under Linux.