Wireshark

Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display that packet data as detailed as possible.

A network packet analyzer can be regarded as a measuring device to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).

It is developed and maintained by a global team of protocol experts. It used to be known as Ethereal, and was renamed to Wireshark in May 2006.

Wireshark 1.0.0

Price Free to download Size 16.3MB License GNU General Public License Developer Gerald Combs (original author) and a large number of contributors Website www.wireshark.org System Requirements 128MB RAM system memory (recommended: 256MBytes or more) 75MB available disk space (plus size of user's capture files, e.g. 100MB extra) 800*600 (1280*1024 or higher recommended) resolution with at least 65536 (16bit) colors (256 colors should work if Wireshark is installed with the "legacy GTK1" selection) A supported network card for capturing: * Ethernet: any card supported by Windows should do * WLAN: see the MicroLogix support list, no capturing of 802.11 headers and non-data frames * Other media Support Sites: Wireshark User's Guide, Wireshark Wiki, Connection Magazine, The Code Project, Linux Journal, SearchSecurity, Connection Magazine Selected Reviews: Softpedia, SmallNetBuilder

Features include:

• Hundreds of protocols are supported, with more being added all the time
• Live capture and offline analysis are supported
• Standard three-pane packet browser
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• Powerful display filters
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cinco Networks NetXRay captures, Cisco Secure IDS iplog, Endace Measurement Systems' ERF format capture, EyeSDN USB S0 traces, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list, which eases analysis
• Output can be exported to XML, PostScript, CSV, or plain text

Return to 'Linux Equivalents' Home Page

Last Updated Saturday, April 26 2008 @ 06:54 PM EDT