Wireshark

Original author(s): Gerald Combs
Developer(s): The Wireshark team
Initial release: Around 1998; 19 years ago (1998)
Stable release: 2.2.5 / 3 March 2017; 6 days ago (2017-03-03)
Repository: code.wireshark.org/review/gitweb?p=wireshark.git
Written in: C, C++
Operating system: Cross-platform
Type: Packet analyzer
License: GNU GPL
Website: www.wireshark.org

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets; it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

Wireshark lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the switch is necessarily sent to the port where the capture is done, so capturing in promiscuous mode is not necessarily sufficient to see all network traffic. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to tampering.
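The following sketch is an added illustration, not code from Wireshark or from the original page. It simulates a simple MAC-learning switch to show which frames reach a promiscuous-mode capture port with and without port mirroring; the MAC addresses, port numbers and frames are constructed sample data, and the three-port switch model is an assumption.

```python
# Added illustration: a minimal learning switch, to show what a capture port sees.
# All MAC addresses, port numbers and frames below are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, mirror_to=None):
        self.ports = set(ports)
        self.mac_table = {}          # source MAC -> port it was last seen on
        self.mirror_to = mirror_to   # port receiving a copy of every frame, or None

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame is sent out of."""
        self.mac_table[src] = in_port            # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}          # known unicast: one port only
        else:
            out = set(self.ports)                # broadcast / unknown: flood
        out.discard(in_port)                     # never send back out the ingress port
        if self.mirror_to is not None and in_port != self.mirror_to:
            out.add(self.mirror_to)              # port mirroring: copy to capture port
        return out

def captured(frames, sniffer_port, mirror=False):
    """Labels of frames that reach a promiscuous-mode NIC on sniffer_port."""
    sw = LearningSwitch(ports=[1, 2, 3],
                        mirror_to=sniffer_port if mirror else None)
    seen = []
    for in_port, src, dst, label in frames:
        if sniffer_port in sw.forward(in_port, src, dst):
            seen.append(label)
    return seen

# Host A on port 1 talks to host B on port 2; the analyzer sits on port 3.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [
    (1, A, BROADCAST, "ARP request A->all"),
    (2, B, A, "ARP reply B->A"),
    (1, A, B, "TCP SYN A->B"),
    (2, B, A, "TCP SYN/ACK B->A"),
]

if __name__ == "__main__":
    print("no mirror:", captured(FRAMES, sniffer_port=3))
    print("mirrored: ", captured(FRAMES, sniffer_port=3, mirror=True))
```

Without mirroring, the capture port receives only the flooded broadcast frame; once the switch has learned both hosts' ports, their unicast conversation never reaches it.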

Wikipedia