Wireshark is a widely used network protocol analyser that gives a detailed, packet-level view of what is happening on a network. It is used across government agencies, non-profit organisations, commercial enterprises and educational institutions. Its growth is owed to contributions from networking experts around the world, building on the project Gerald Combs started in 1998.
Originally named Ethereal, Wireshark has a user-friendly interface that displays data for a very large number of protocols across different network types. Capture/trace file formats such as ERF and CAP can be used to analyse packets offline, or traffic can be examined in real time. Everything from connection-level information down to the individual fields that make up a single packet can be examined in detail. Encrypted packets can be viewed using the integrated decryption support for popular protocols such as WEP and WPA/WPA2.

From a packet capture, a network administrator can obtain information about individual packets, such as source, destination, transmit time, protocol type and header data. This helps in troubleshooting network security device issues and in evaluating security events.

Wireshark displays information in three panes. The top pane lists frames one per line, each line carrying the key data for that frame. The frame selected in the top pane is expanded in the middle pane, where the packet details show how the frame breaks down into its data link, network, transport and application layer parts. The bottom pane shows the raw frame, with the hexadecimal rendition on the left and the ASCII values on the right. Wireshark can only capture packets on network types supported by pcap.

Its main features include:
- Standard three-pane packet browser.
- Live capture and offline analysis.
- Rich VoIP analysis.
- Highly powerful display filters.
- Deep inspection of hundreds of protocols, with more being added all the time.
- Multi-platform support for Linux, Windows, FreeBSD, OS X, NetBSD and many more.
- Live data can be read from IEEE 802.11, Ethernet, ATM, PPP/HDLC, USB, Bluetooth, Frame Relay, Token Ring, FDDI and many more depending upon your platform.
- Captured network data can be browsed through the GUI or through the TTY-mode TShark utility.
- Capture files compressed with gzip can be decompressed on the fly.
- Supports decryption of protocols such as ISAKMP, IPsec, SNMPv3, Kerberos, WEP, SSL/TLS and WPA/WPA2.
- Colouring rules can be applied to the packet list for quick, intuitive analysis.
- Output can be exported to PostScript®, XML or CSV format.
- Data can be read from an already captured packet file or “from the wire.”
- The Editcap program edits or converts capture files programmatically via command-line switches.
- New protocols can be dissected by writing plug-ins.
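To make the three-pane model and the pcap dependency described above concrete, here is an added example (not Wireshark's own code) that builds a small pcap file in memory, reads it back with the standard libpcap file layout, and renders the three panes itself: the one-line packet list, the per-layer packet details, and the hex/ASCII bytes view. It also includes a tiny analogue of a display filter of the `udp.port == 53` kind. The two frames, the MAC and private IP addresses, and the timestamps are constructed sample data, and IP/TCP/UDP checksums are left at zero rather than computed, since the point is the file and header layout, not a valid wire-ready packet.

```python
"""Minimal pcap reader that reproduces Wireshark's three panes for Ethernet/IPv4 frames.

Added example, not Wireshark project code. Layouts follow the libpcap file format
and the Ethernet II / IPv4 / TCP / UDP header definitions; checksums are left 0.
"""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4          # pcap magic; this reader handles the little-endian form
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_NAMES = {6: "TCP", 17: "UDP"}

# Constructed sample addresses (locally administered MACs, private IPs).
MAC_A = bytes.fromhex("02000000000a")
MAC_B = bytes.fromhex("02000000000b")


def ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4, payload=b""):
    """Assemble one Ethernet II / IPv4 / L4 frame (IPv4 checksum left 0)."""
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4 + payload


def tcp_syn(sport, dport):
    """20-byte TCP header: data offset 5, SYN flag only, window 64240, checksum 0."""
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, 0x5002, 64240, 0, 0)


def udp_hdr(sport, dport, payload):
    """8-byte UDP header with length covering header plus payload, checksum 0."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)


def build_pcap(frames):
    """Wrap raw frames in a little-endian pcap: 24-byte global header, 16-byte records."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, raw in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 250000 * i, len(raw), len(raw)) + raw
    return out


def dissect(number, ts, raw):
    """Decode the layers of one frame: the content of the middle (packet details) pane."""
    frame = {"number": number, "time": ts, "raw": raw, "layers": []}
    dst, src, ethertype = raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0]
    frame["layers"].append(("Ethernet", {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}))
    if ethertype == ETHERTYPE_IPV4 and len(raw) >= 34:
        ihl = (raw[14] & 0x0F) * 4            # header length in bytes
        ttl, proto = raw[22], raw[23]
        frame["layers"].append(("IPv4", {"src": str(IPv4Address(raw[26:30])),
                                         "dst": str(IPv4Address(raw[30:34])),
                                         "ttl": ttl, "proto": proto}))
        l4, name = raw[14 + ihl:], IPPROTO_NAMES.get(proto)
        if name and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
            fields = {"sport": sport, "dport": dport}
            if name == "TCP" and len(l4) >= 20:
                fields["flags"] = struct.unpack("!H", l4[12:14])[0] & 0x1FF
            frame["layers"].append((name, fields))
    return frame


def parse_pcap(data):
    """Read every record; reject unsupported link types and truncated files."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    frames, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        raw = data[off:off + incl_len]
        if len(raw) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        frames.append(dissect(len(frames) + 1, ts_sec + ts_usec / 1e6, raw))
    return frames


def summary(frame):
    """One line per frame, as in the top (packet list) pane."""
    top_name, top_fields = frame["layers"][-1]
    ip = dict(frame["layers"]).get("IPv4", {})
    extra = " %d -> %d" % (top_fields["sport"], top_fields["dport"]) if "sport" in top_fields else ""
    return "%d %.6f %s %s %s %d%s" % (frame["number"], frame["time"], ip.get("src", "-"),
                                       ip.get("dst", "-"), top_name, len(frame["raw"]), extra)


def hexdump(raw, width=16):
    """Bytes pane: offset, hex bytes on the left, printable ASCII on the right."""
    lines = []
    for off in range(0, len(raw), width):
        chunk = raw[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %s  %s" % (off, hexpart, asc))
    return lines


def display_filter(frames, proto=None, port=None):
    """Tiny analogue of a display filter such as `udp.port == 53`."""
    keep = []
    for f in frames:
        layers = dict(f["layers"])
        if proto and proto not in layers:
            continue
        l4 = layers.get(proto) if proto else (layers.get("TCP") or layers.get("UDP") or {})
        if port is not None and port not in (l4.get("sport"), l4.get("dport")):
            continue
        keep.append(f)
    return keep


# Constructed sample capture: a TCP SYN to port 443 and a UDP datagram to port 53.
DNS_PAYLOAD = b"\x00\x01"
SAMPLE_PCAP = build_pcap([
    ipv4_frame(MAC_A, MAC_B, "10.0.0.5", "10.0.0.9", 6, tcp_syn(51000, 443)),
    ipv4_frame(MAC_A, MAC_B, "10.0.0.5", "10.0.0.1", 17, udp_hdr(53000, 53, DNS_PAYLOAD), DNS_PAYLOAD),
])

if __name__ == "__main__":
    for frame in parse_pcap(SAMPLE_PCAP):
        print(summary(frame))                       # top pane
        for name, fields in frame["layers"]:        # middle pane
            print("  %s: %s" % (name, fields))
        print("\n".join("  " + l for l in hexdump(frame["raw"])))   # bottom pane
```

The `parse_pcap` check on `incl_len` is the part worth copying: a capture cut off mid-record (a crashed capture process, a partially transferred file) is reported as an error instead of being silently decoded into a bogus last frame.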