[ad]
After nearly 10 years of developement Wireshark (formely known as Ethereal) has finally reached version 1!
For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Features
Wireshark has a rich feature set which includes the following:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
This is one tool EVERYONE involved in security or network administration should be familiar with.
You can download Wireshark here:
Or read more here.
mumble says
Is anyone _not_ using Wireshark? It’s used in the security class I’m taking. I’ve used it at work for years, and even contributed patches. I’m just curious — if anyone’s not using it, what are they using?
Pantagruel says
[quote]
This is one tool EVERYONE involved in security or network administration should be familiar with.
[/quote]
nothing more to add, this is one of the basic gpl tools you should be able to use. I can’t think of anything else with this kind of ‘power’ regarding network recon/analysis.
ZaD MoFo says
Wireshark – Such a good dog in this ocean of malware!
Help me keep rodents out of my sanctuary.
Barking @ who I doesn’t know.
Biting thru filtering @ trange behavior packets.
It’s the “Great White” of packet analysis…
Free, easy, predictable: This is what I mean an excellent SoftTool.
Before Wireshark I was in the Darkness…
And as I recall, it is here, on darknet.org.uk that I learned of its existence.
Just my pinch of salt.
James C says
@mumble
A list of other sniffer’s, those crazy not wireshark using people might be using
http://www.tech-faq.com/packet-sniffer.shtml
Personal I use Wireshark for most work.
goodpeople says
Depends on what I’m trying to find out. WS is kind of a big gun if I only want to analyze MSN traffic…
mumble says
All joking aside – I also like net2pcap (http://www.secdev.org/projects/net2pcap/) – which is essentially a wire -> file tool. Do the analysis offline later using anything. Works great w/ wireshark or just about any other packet analysis tool.
fever says
i haven’t used this but i used ethereal before it became wireshark. if it is even have as nice as ethereal than i will definitly upgrade.