Wireshark (2)

Transcript of Wireshark (2)

Wireshark

Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues. Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Features

Wireshark has a rich feature set which includes the following:

- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript, CSV, or plain text

Some intended purposes

Here are some examples of what people use Wireshark for:

- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Developers use it to debug protocol implementations
- People use it to learn network protocol internals

Besides these examples, Wireshark can be helpful in many other situations too.

Figure: Wireshark captures packets and lets you examine their contents.
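The first capture format in the list above, tcpdump (libpcap), is the simplest one Wireshark reads. The following is an added example (not code from the page or from the Wireshark project) that writes and parses that format from the public libpcap layout, using a constructed Ethernet frame as sample input, and rejects truncated files rather than reading past their end.

```python
import struct

# libpcap global header (24 bytes): magic, version major, version minor,
# thiszone, sigfigs, snaplen, linktype. Each packet record has a 16-byte
# header: ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on wire).
# Layout taken from the public libpcap file format, not from the page.
PCAP_MAGIC = 0xA1B2C3D4        # native byte order, microsecond timestamps
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic seen from the other byte order
LINKTYPE_ETHERNET = 1

# Constructed sample: broadcast Ethernet frame, EtherType 0x0806 (ARP), dummy body.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)
SAMPLE_PACKETS = [
    (1700000000, 0, SAMPLE_FRAME),
    (1700000000, 250, SAMPLE_FRAME[:20] + b"\xff" * 40),
]

def write_pcap(packets, snaplen=65535):
    """Serialise (ts_sec, ts_usec, frame) tuples into a little-endian libpcap image."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        captured = frame[:snaplen]  # honour snaplen exactly as a live capture would
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame))
        out += captured
    return out

def read_pcap(data):
    """Parse a libpcap image of either byte order.
    Returns (linktype, [(ts_sec, ts_usec, incl_len, orig_len, frame), ...])."""
    if len(data) < 24:
        raise ValueError("file shorter than the libpcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (bad magic)")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        # A record claiming more bytes than snaplen or than remain is corrupt/truncated;
        # refuse it instead of returning a short frame as if it were complete.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % (off - 16))
        records.append((ts_sec, ts_usec, incl_len, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, records

def roundtrip(packets=SAMPLE_PACKETS, snaplen=65535):
    """Write the sample packets and read them back; returns the parsed records."""
    return read_pcap(write_pcap(packets, snaplen))[1]
```

The image produced by write_pcap can be written to a .pcap file and opened in Wireshark or TShark directly, which makes this a convenient way to build small test captures for dissector or filter work.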

Advantages

1. Live capture from many different network media
Wireshark can capture traffic from many different network media types, including (despite its name) wireless LAN. Which media types are supported depends on many things, such as the operating system you are using.

2. Import files from many other capture programs
Wireshark can open packets captured by a large number of other capture programs.

3. Export files for many other capture programs
Wireshark can save captured packets in the formats of a large number of other capture programs.

4. Many protocol decoders
There are protocol decoders (or dissectors, as they are known in Wireshark) for a great many protocols.

5. Open Source Software
Wireshark is an open source software project, released under the GNU General Public License (GPL). You can freely use Wireshark on any number of computers you like, without worrying about license keys or fees. In addition, all source code is freely available under the GPL. Because of that, it is very easy for people to add new protocols to Wireshark, either as plugins or built into the source, and they often do!

Disadvantages

Here are some things Wireshark does not provide:

- Wireshark isn't an intrusion detection system. It will not warn you when someone does strange things on your network that he/she isn't allowed to do. However, if strange things happen, Wireshark might help you figure out what is really going on.
- Wireshark will not manipulate things on the network; it will only "measure" things from it. Wireshark doesn't send packets on the network or do other active things (except for name resolution, but even that can be disabled).