Wireshark is the world's foremost and most widely used network protocol analyzer, and it is the de facto standard across many industries and educational institutions for network troubleshooting and security analysis.
It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly.
It is freely available as open source, and is released under the GNU General Public License version 2.
Wireshark uses pcap to capture packets from supported protocols.
- Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.
- Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loop-back.
- Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
- Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
- Data display can be refined using a display filter.
- Plug-ins can be created for dissecting new protocols.