Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.
Functionality
Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.
What is Wireshark?
Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible.
You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open source packet analyzers available today.
Some intended purposes
Here are some examples people use Wireshark for:
network administrators use it to troubleshoot network problems
network security engineers use it to examine security problems
developers use it to debug protocol implementations
people use it to learn network protocol internals
Beside these examples, Wireshark can be helpful in many other situations too.
Features
The following are some of the many features Wireshark provides:
Available for UNIX and Windows.
Capture live packet data from a network interface.
Display packets with very detailed protocol information.
Open and Save packet data captured.
Import and Export packet data from and to a lot of other capture programs.
Filter packets on many criteria.
Search for packets on many criteria.
Colorize packet display based on filters.
Create various statistics.
... and a lot more!
However, to really appreciate its power, you have to start using it.
Wireshark captures packets and allows you to examine their content.
What Wireshark is not
Here are some things Wireshark does not provide:
Wireshark isn't an intrusion detection system. It will not warn you when someone does strange things on your network that he/she isn't allowed to do. However, if strange things happen, Wireshark might help you figure out what is really going on.
Wireshark will not manipulate things on the network, it will only "measure" things from it. Wireshark doesn't send packets on the network or do other active things (except for name resolutions, but even that can be disabled).
No comments:
Post a Comment