Wireshark – World’s most popular interactive network traffic capturer and analyzer

This article along with all titles and tags are the original content of AppNee. All rights reserved. To repost or reproduce, you must add an explicit footnote along with the URL to this article!
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Without a doubt, Wireshark (formerly called Ethereal) is currently the world’s best-known and foremost free and open source network packet capture and analysis tool. Its arrival put an end to the future of all similar commercial software.

As the most commonly used and also the best network packet analyzer, Wireshark’s main function is to capture network data packets and then display as much detail about them as possible. Because it uses WinPcap as its interface, it can exchange data directly with the network adapter. You can think of this workflow as “an electrician using a meter to measure current, voltage, resistance, etc.”.

For the vast majority of users (as opposed to its developers), there is no need to care about the technical details of how Wireshark is implemented. It is enough to roughly understand in what ways and with what kinds of tasks it can help, and then start learning to use it. Some application scenarios are as follows:

  • Network and system administrators use Wireshark to detect network problems
  • Network security engineers use Wireshark to check for communication security problems
  • Internet developers use Wireshark to debug newly designed communication protocols
  • Ordinary users use Wireshark to study network protocols
  • Of course, some people will be “sinister” enough to use it to find/collect sensitive information (it seems this is the key use for many guys, isn’t it?)

// Key Features //

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript, CSV, or plain text
