Wireshark is a versatile and extensible packet sniffer (network protocol analyzer) for Ethernet and some other computer networks.

A traffic analyzer (sniffer, from "to sniff") is an application or device that intercepts and analyzes network traffic, your own or someone else's. A sniffer can analyze only the traffic that passes through an available network card. In the "classic" version, traffic analysis is done "manually", using only the simplest automation.

Development of the project was started in 1998 by Gerald Combs. The application was originally called Ethereal, but because of trademark problems the project was renamed Wireshark in June 2006. At present the application is developed through the voluntary contributions of networking experts around the world.

Wireshark has a command-line version (wireshark-cli) consisting of a set of tools: capinfos, captype, dumpcap, editcap, idl2wrs, mergecap, mmdbresolve, randpkt, rawshark, reordercap, sharkd, text2pcap and tshark, as well as a partially customizable user interface for them written in C / C++ with Qt (formerly GTK). The application's functionality is largely similar to that of the command-line utility tcpdump, which also intercepts and analyzes network traffic.

Using Wireshark, the user can view all traffic passing through the network in "real time" by switching the network card to promiscuous mode, a mode in which the network card accepts all packets regardless of whom they are addressed to.

Wireshark provides many options for sorting and filtering information and supports most major network protocols, which lets it intercept and analyze network packets, showing the value of each protocol field at any level.

To capture packets, Wireshark uses the pcap (libpcap) network data capture library, so it can capture data only from those networks that this library supports.

One of Wireshark's features is the ability to work with many input formats, including capture files written by other applications, which greatly extends its reach. Capture files compressed with gzip can be decompressed "on the fly".
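What reading a gzip-compressed capture "on the fly" amounts to, as an added example that is not Wireshark's own code: the reader checks the gzip magic bytes, unwraps the stream if they are present, and then parses the classic pcap record layout. The function names, the `MAX_RECORD` bound and the sample capture bytes are constructed for this illustration.

```python
import gzip
import io
import struct

GZIP_MAGIC = b"\x1f\x8b"
PCAP_LE, PCAP_BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"  # classic pcap magics
MAX_RECORD = 262144  # assumed sanity bound on one record, not taken from the page


def open_capture(raw: bytes):
    """Return a byte stream, unwrapping gzip when the magic bytes are present."""
    if raw[:2] == GZIP_MAGIC:
        return gzip.GzipFile(fileobj=io.BytesIO(raw))
    return io.BytesIO(raw)


def read_packets(raw: bytes):
    """Parse classic pcap; return (linktype, [(ts_sec, data), ...])."""
    stream = open_capture(raw)
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in (PCAP_LE, PCAP_BE):
        raise ValueError("not a classic pcap capture")
    endian = "<" if header[:4] == PCAP_LE else ">"
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    packets = []
    while True:
        rec = stream.read(16)
        if not rec:  # clean end of file
            return linktype, packets
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", rec)
        if incl_len > MAX_RECORD:  # never trust a length field from the file
            raise ValueError("record length exceeds sanity bound")
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        packets.append((ts_sec, data))


def build_sample_pcap() -> bytes:
    """Constructed sample: two dummy records, little-endian, linktype 1 (Ethernet)."""
    out = PCAP_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    for ts, payload in ((1000, b"\xaa" * 14), (1001, b"\xbb" * 20)):
        out += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return out


if __name__ == "__main__":
    plain = build_sample_pcap()
    print(read_packets(plain) == read_packets(gzip.compress(plain)))
```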

Wireshark supports "profiles" for different configurations, and its output can be exported to XML, PostScript, CSV and plain text. Its capabilities can be extended with Lua scripts, and it can be controlled with the mouse and/or keyboard shortcuts. The application has detailed official documentation and a large amount of unofficial (user-written) documentation.

License: GNU General Public License version 2.0 (GPLv2)

Author: posixru

Source: zenway.ru
