Wireshark is the world’s foremost network protocol analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Wireshark lets you capture and interactively browse the traffic running on a computer network. It is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets.
It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark is very similar to tcpdump, but has a graphical front-end. In addition, some integrated sorting and filtering options.
Wireshark allows the user to put the network interfaces that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface’s configured addresses and broadcast/ multicast traffic.
Homepage – https://www.wireshark.org
Size: 51.8 MB
However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all of the traffic traveling through the switch will necessarily be sent to the port on which the capture is being done. So capturing in promiscuous mode will not necessarily be sufficient to see all traffic on the network. Port mirroring or various network taps extend capture to any point on net. Simple passive taps are extremely resistant to malware tampering.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform. Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog. Microsoft Network Monitor, Network General Sniffer, Sniffer Pro, and NetXray. Also Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor. Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
- Decryption support for many protocols. Including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Allows the Output to export to XML, PostScript, CSV, or plain text