Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and display the packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open source packet analyzers available today.
Wireshark captures packets and allows you to examine their content.
Some intended purposes
Here are some examples of what people use Wireshark for:
- network administrators use it to troubleshoot network problems
- network security engineers use it to examine security problems
- developers use it to debug protocol implementations
- people use it to learn network protocol internals
Besides these examples, Wireshark can be helpful in many other situations too.
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and Save packet data captured.
- Import and Export packet data from and to a lot of other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
- … and a lot more!
However, to really appreciate its power, you have to start using it.
What’s new?
Version 0.99.3 (2006-08-23)
New and Updated Features
The following features are new (or have been significantly updated) since the last release:
- ESP, Kerberos, and SSL decryption are now supported in the Windows installer. (As a result, Wireshark is now subject to United States export controls.)
- The packet list context menu now includes a conversation filter.
- Wireshark can now generate ACL rules for several popular firewall products.
- Wireshark now supports AirPcap, including raw 802.11 captures under Windows.
New Protocol Support
- Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control, Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
Updated Protocol Support
- All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637, AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS, EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER, DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP, Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT, Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny, SMB, SSL, TCP, text/media, Time, XML
New and Updated Capture File Support
- Catapult DCT2000, nettl
- Publisher – Wireshark
- File Size – 14.1 Mb
- Version – 0.99.3
- License – Freeware
