Wireshark is the world's foremost network protocol analyzer. It lets you see
what's happening on your network at a microscopic level. It is the de facto
(and often de jure) standard across many industries and educational
institutions.
Wireshark development thrives thanks to the contributions of networking
experts across the globe. It is the continuation of a project that started in
1998.
Wireshark is a free and open-source packet analyzer. It is used for
network troubleshooting, analysis, software and communications
protocol development, and education. Originally named Ethereal, in May
2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit in current
releases, and Qt in the development version, to implement its user interface,
and using pcap to capture packets; it runs on GNU/Linux, OS X, BSD, Solaris,
some other Unix-like operating systems, and Microsoft Windows. There is
also a terminal-based (non-GUI) version called TShark. Wireshark, and the
other programs distributed with it such as TShark, are free software, released
under the terms of the GNU General Public License.
Features
Wireshark has a rich feature set which includes the following:
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Coloring rules can be applied to the packet list for quick, intuitive analysis
Advantages
1. Live capture from many different network media
Wireshark can capture traffic from many different network media
types, including, despite its name, wireless LAN. Which media types
are supported depends on many things, such as the operating system
you are using.
2. Import files from many other capture programs
Wireshark can open packets captured from a large number of other
capture programs.
Disadvantages
Here are some things Wireshark does not provide: