Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
Wireshark has a rich feature set which includes the following:
Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text
Manual Pages -
androiddump - Provide interfaces to capture from Android devices
capinfos - Prints information about capture files
captype - Prints the types of capture files
ciscodump - Provide interfaces to capture from a remote Cisco router through SSH.
dftest - Shows display filter byte-code, for debugging dfilter routines.
dumpcap - Dump network traffic
editcap - Edit and/or translate the format of capture files
etwdump - Provide an interface to read ETW
extcap - The extcap interface
idl2wrs - CORBA IDL to Wireshark Plugin Generator
mergecap - Merges two or more capture files into one
mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
randpkt - Random packet generator
randpktdump - Provide an interface to generate random captures using randpkt
rawshark - Dump and analyze raw pcap data
reordercap - Reorder input file by timestamp into output file
sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
text2pcap - Generate a capture file from an ASCII hexdump of packets
tshark - Dump and analyze network traffic
udpdump - Provide a UDP receiver that gets packets from network devices (like Aruba routers) and exports them in PCAP format.
wireshark-filter - Wireshark display filter syntax and reference
wireshark - Interactively dump and analyze network traffic
Capture filtering is handled by libpcap, and its documentation is part of the libpcap distribution.
pcap-filter - Capture filter syntax
Default columns in a packet capture output
Column            | Description
No.               | Frame number from the beginning of the packet capture
Time              | Seconds from the first frame
Source (src)      | Source address, commonly an IPv4, IPv6 or Ethernet address
Destination (dst) | Destination address
Protocol          | Protocol used in the Ethernet frame, IP packet, or TCP segment
Length            | Length of the frame in bytes
Commands -
Wireshark Filter by IP. ip.addr == 20.34.45.56.
Wireshark Filter by Destination IP. ip.dst == 20.34.45.56.
Wireshark Filter by Source IP.
Wireshark Filter IP Range. ...
Wireshark Filter Multiple IP. ...
Wireshark Filter Out IP Address. ...
Wireshark Filter Subnet. ...
Wireshark Filter by Port.
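As an added example (not code from the page or from the Wireshark project), the Python script below writes a small constructed capture in the classic libpcap format listed above, decodes it into the default columns (No., Time, Source, Destination, Protocol, Length), and evaluates the ip.addr and ip.dst filters from the Commands list. It also accepts ip.src, CIDR ranges and tcp.port, which are standard display-filter syntax; the hosts, ports and timestamps are constructed sample data.

```python
import struct, socket
from ipaddress import ip_address, ip_network

def ipv4_tcp_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame; MACs and checksums are dummy zeros (sample data only)."""
    eth = bytes(12) + b"\x08\x00"                                   # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def write_pcap(frames, base_ts=1700000000.0):
    """Serialise frames in classic libpcap format (magic 0xa1b2c3d4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        ts = base_ts + i * 0.5                                      # half a second between frames
        out += struct.pack("<IIII", int(ts), int(round((ts % 1) * 1_000_000)), len(f), len(f)) + f
    return out

def read_pcap(data):
    """Decode a pcap blob into rows holding the default columns: No., Time, Source, Destination, Protocol, Length."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    rows, off, first_ts = [], 24, None
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ts = ts_sec + ts_usec / 1_000_000
        first_ts = ts if first_ts is None else first_ts             # Time column is relative to frame 1
        row = {"no": len(rows) + 1, "time": round(ts - first_ts, 6), "proto": "Ethernet",
               "src": None, "dst": None, "ports": (), "len": len(frame)}
        if frame[12:14] == b"\x08\x00":                              # IPv4 EtherType
            row["src"], row["dst"] = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
            row["proto"] = {6: "TCP", 17: "UDP"}.get(frame[23], "IPv4")
            if frame[23] in (6, 17):                                 # ports lead both TCP and UDP headers
                row["ports"] = struct.unpack_from("!HH", frame, 14 + (frame[14] & 0x0F) * 4)
        rows.append(row)
    return rows

def display_filter(rows, expr):
    """Evaluate the page's filter forms: ip.addr / ip.src / ip.dst == host-or-CIDR, and tcp.port == N."""
    field, _, value = (s.strip() for s in expr.partition("=="))
    if field == "tcp.port":
        return [r for r in rows if r["proto"] == "TCP" and int(value) in r["ports"]]
    keys = {"ip.addr": ("src", "dst"), "ip.src": ("src",), "ip.dst": ("dst",)}[field]
    return [r for r in rows if any(r[k] and ip_address(r[k]) in ip_network(value, strict=False) for k in keys)]
# Constructed capture: a request to the page's example host, its reply, and an unrelated flow.
SAMPLE_PCAP = write_pcap([ipv4_tcp_frame("10.0.0.5", "20.34.45.56", 51000, 443),
    ipv4_tcp_frame("20.34.45.56", "10.0.0.5", 443, 51000), ipv4_tcp_frame("10.0.0.5", "93.184.216.34", 51001, 80)])
ROWS = read_pcap(SAMPLE_PCAP)                                        # the 3-row packet list, as Wireshark would show it
```

If you write SAMPLE_PCAP to a file, `tshark -r sample.pcap -Y 'ip.addr == 20.34.45.56'` selects the same two frames, which is a quick way to confirm a filter does what you expect before using it on a real capture.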