
1.1. What is Wireshark?

Wireshark is a network packet analyzer.

A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).

In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

1.1.1. Some intended purposes

Here are some examples people use Wireshark for:

* network administrators use it to troubleshoot network problems
* network security engineers use it to examine security problems
* developers use it to debug protocol implementations
* people use it to learn network protocol internals

Besides these examples, Wireshark can be helpful in many other situations too.

1.1.2. Features

The following are some of the many features Wireshark provides:

* Available for UNIX and Windows.
* Capture live packet data from a network interface.
* Display packets with very detailed protocol information.
* Open and Save packet data captured.
* Import and Export packet data from and to a lot of other capture programs.
* Filter packets on many criteria.
* Search for packets on many criteria.
* Colorize packet display based on filters.
* Create various statistics.
* ... and a lot more!

What is WinPcap

WinPcap is an open source library for packet capture and network analysis for the Win32 platforms.

Most networking applications access the network through widely used operating system primitives such as sockets. It is easy to access data on the network with this approach since the operating system copes with the low level details (protocol handling, packet reassembly, etc.) and provides a familiar interface that is similar to the one used to read and write files.

Sometimes, however, the 'easy way' is not up to the task, since some applications require direct access to packets on the network. That is, they need access to the "raw" data on the network without the interposition of protocol processing by the operating system. The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:

* capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
* filter the packets according to user-specified rules before dispatching them to the application
* transmit raw packets to the network
* gather statistical information on the network traffic
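To make concrete what "open saved packet data, decode it in detail and filter it on criteria" means for a packet analyzer, here is an added example (not code from Wireshark or WinPcap) that parses the classic pcap file format Wireshark reads and writes, decodes the Ethernet/IPv4/UDP headers of each record, and keeps only records matching Wireshark-style field criteria. The sample capture is constructed in memory; field names such as ip.dst and port.dst are this example's own.

```python
import struct
from typing import Iterator

PCAP_MAGIC = 0xA1B2C3D4       # little-endian pcap magic number
LINKTYPE_ETHERNET = 1

def build_sample_pcap() -> bytes:
    """Constructed sample: pcap global header + one Ethernet/IPv4/UDP record."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", 0x0800)
    udp = struct.pack("!HHHH", 40000, 53, 8 + 4, 0) + b"test"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = eth + ip + udp
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rhdr = struct.pack("<IIII", 1_700_000_000, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet, then IPv4 and TCP/UDP ports when present."""
    info = {"eth.dst": frame[0:6].hex(":"), "eth.src": frame[6:12].hex(":"),
            "eth.type": struct.unpack_from("!H", frame, 12)[0]}
    if info["eth.type"] == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        info["ip.src"] = ".".join(map(str, frame[26:30]))
        info["ip.dst"] = ".".join(map(str, frame[30:34]))
        info["ip.proto"] = frame[23]
        if frame[23] in (6, 17) and len(frame) >= 14 + ihl + 4:
            info["port.src"], info["port.dst"] = struct.unpack_from("!HH", frame, 14 + ihl)
    return info

def iter_records(data: bytes) -> Iterator[dict]:
    """Walk the pcap records, honouring the file's byte order from its magic."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = "<" if magic == PCAP_MAGIC else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated record")    # capture file cut short
        yield {**decode_frame(data[off:off + incl_len]), "ts": ts_sec + ts_usec / 1e6}
        off += incl_len

def filter_records(data: bytes, **criteria) -> list:
    """Keep records whose fields equal every criterion, e.g. ip_dst="10.0.0.2"."""
    wanted = {k.replace("_", "."): v for k, v in criteria.items()}
    return [r for r in iter_records(data) if all(r.get(k) == v for k, v in wanted.items())]
```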
