Search the Community

Introduction WireShark is the world’s foremost network protocol analyzer, and an essential tool for any system administrator or cybersecurity professional. This tool is also free and cross-platform. WireShark: The World’s Foremost Network Protocol Analyzer It’s free, open source, cross-platform and widely-used network protocol analyzer that supports various protocols. WireShark can read and process capture files from a number of different products, including other sniffers, routers, and network utilities. It uses Qt (graphical user interface library), a very popular Promiscuous Capture Library (libpcap), a packet capture and filtering library. It also comes with TShark (a line-oriented sniffer), a terminal-based (non-GUI) version. You can use WireShark to troubleshoot network problems, examine security problems, verify network applications, debug protocol implementations, and also to learn network protocol internals. Wireshark uses a library called pcap for capturing the network packets. Features: Deep inspection of hundreds of protocols Live capture and offline analysis. Standard three-pane packet browser. Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility. The most powerful display filters in the industry. Rich VoIP analysis. Read/write many different capture file formats. Capture files compressed with gzip can be decompressed on the fly. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). Decryption support for many protocols, including: IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. You can apply coloring rules to the packet list for quick, intuitive analysis. Output can be exported to XML, PostScript®, CSV, or plain text. [hide][Hidden Content]]